9 million EasyJet travel details got stolen, some even with credit card DLCs

While some people tell you that you should stay at home, EasyJet sends a message that you should have stayed at home for a long time or, at least, paid a bit more for your tickets. In a recent breach, a whopping 9 million travel details were stolen, but with that said, it is worth noting that, as EasyJet says, no passport information has been leaked, and if we’re talking about credit card data - only 2200 were found to be breached. The incident was already reported to the internet police, and if you go on their website the information about the incident is located in a big nothing, right on the homepage.

11 Likes

Oh wow! That’s not good!

Security leaks like this are extremely unfortunate, but sadly inevitable in today’s online society.

Off topic I know, but this is a good reminder to ensure your accounts and passwords haven’t been breached. Use haveibeenpwned.com to check.

5 Likes

I heard about this - I was astounded - hope everyone affected hasn’t had to suffer any consequences as a result of this (e.g. money stolen from cards, etc…)

Oh! Now that is not good :(

It looks like EasyJet made an ‘oops’.

That’s quite critical for them during this pandemic

That’s a huge number

Wait, so someone actually hacked into the EasyJet database and got personal information from people?

That doesn’t really make it better though. Just not how cybersecurity should work.

1 Like

Maybe EasyJet’s computers were too easy to hack

1 Like

I know, but considering that 9 million travel details were breached - it is good that only 2200 were breached

2 Likes

Yeah, I understand where you’re coming from, but this is really not a good thing to happen equally how many numbers it concerns.

1 Like

All companies have breaches at some point, it is how they react to it that really shows their attitude. I remember when my 500px password was breached I got an email about it and a warning when I launched their app. EasyJet on the other hand, as far as I know, only wrote this in their press room, which, for normal people, equals not writing about it at all.

I’m gonna assume emails are going out?

As a white-hat hacker (someone who hacks to find vulnerabilities then reports them to the companies, yes it’s legal) I cannot recommend that site enough. As secure as they come and straight to the point.


I think a lot of people think that there’s such a thing as perfect security. Bottom line, in today’s society there isn’t. Everything has a “back door”, as it’s known, and passwords can be guessable. The best things you can do for security from a company’s perspective:

  1. Require 12 character passwords. This means there’s 12 to the power of 96 possible combinations (96 possible characters)
  2. Log everything, and make it near-impossible to bypass using items 1 and 3.
  3. Offer and strongly recommend 2-Factor-Authentication to users if you have the infrastructure.
  4. Read up on the OWASP Top 10 Security Risks and make sure there are measures against them.

My point is, nothing is fully secure. All it takes is someone to leak their password by accident (or on purpose) or have it found in a breach, then just like that an attacker can get access. Whenever I do a hack (I find sites that set up machines that are designed to be hacked) the first thing I try are the “usual suspects” for passwords. We’re talking password, admin, 123456, 12345678, chocolate, 111111 and other Adobe Top 100 passwords.

TL;DR Passwords are the weakest link in the chain of security, so pick them wisely.

1 Like
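An added example (not part of the thread and not any poster's code): a signup-time password check a service could run, combining the 12-character minimum and the common passwords named in the post above with a breach lookup in the k-anonymity range format used by Have I Been Pwned's Pwned Passwords service. The range response is constructed so the example runs offline, the network call is left out, and all function names are hypothetical.

```python
import hashlib
import math

MIN_LENGTH = 12      # minimum length from item 1 of the list above
ALPHABET_SIZE = 96   # character count quoted in the post
# The "usual suspects" named in the post.
COMMON = {"password", "admin", "123456", "12345678", "chocolate", "111111"}

def keyspace_bits(length=MIN_LENGTH, alphabet=ALPHABET_SIZE):
    """Bits of search space for a uniformly random password: log2(alphabet ** length)."""
    return length * math.log2(alphabet)

def range_query(password):
    """Split SHA-1(password): only the 5-char prefix is sent, the 35-char suffix stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(suffix, range_body):
    """Find our suffix in a range response made of 'SUFFIX:COUNT' lines."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def check_password(password, range_body):
    """Return the reasons to reject a password; an empty list means accept."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in COMMON:
        problems.append("common password")
    _, suffix = range_query(password)
    if breach_count(suffix, range_body) > 0:
        problems.append("seen in a breach")
    return problems

def constructed_range_body():
    """Constructed sample response: one decoy line plus the suffix for 'password'."""
    _, suffix = range_query("password")
    return "0" * 35 + ":3\r\n" + suffix + ":1000\r\n"

if __name__ == "__main__":
    body = constructed_range_body()
    print(f"{keyspace_bits():.1f} bits for {MIN_LENGTH} random characters")
    for pw in ("password", "chocolate", "correct horse battery"):
        print(pw, "->", check_password(pw, body) or "accepted")
```

In a real deployment the range body would be fetched once per distinct hash prefix, so the service never sends the full hash or the password itself.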

this is so tragic
imagine how the victims would feel :(
