EasyJet has said it has fallen foul of a “highly sophisticated” attack, which has resulted in nine million email addresses being exposed to bad actors on the internet. Worse still, 2208 of those customers have had their credit card details exposed because of the vulnerability.
According to EasyJet’s statement, all customers affected by the incident will be contacted by May 26, but anyone whose credit details have been stolen should already have heard from the company.
Related: Best VPNs for security and privacy
Apart from the above mentioned unlucky few, the only details that were leaked were travel details and email addresses. So there’s no need to bin your passport and get a new one just yet.
As such a huge number of email addresses have been leaked, there’s a good chance that some new phishing attacks might be brewing somewhere in the wild. EasyJet is therefore advising all of its customers to be extra vigilant when perusing through their inboxes, especially with any correspondence that looks like its from the airline and asks for personal details.
Phishing attempts have multiplied during the outbreak of Covid-19, as hackers try to take advantage of people’s heightened anxiety surrounding the illness. Norton reported a rising trend in phishing attacks with “new” information on the virus, and Google claimed that it has blocked 126 million Covid-19 related scams.
Speaking with Trusted Reviews about phishing trends, Thycotic chief security scientist, Joseph Carson, said:
“Phishing email scams are looking more authentic as they continue to use more personal information gathered from public sources, so you should never assume it is safe to click on a link even if the email includes personal information like name, home address or job titles etc.
“Before clicking, ask yourself: ‘Was this expected?’ and ‘Do I know the person who is sending this?’. On occasions, check in with the actual person on if they actually did send you an email before you aimlessly click on something in which might be malware, ransomware, a remote access tool or a virus that could steal or access your data”
Given the ongoing issues surrounding cancelled flights, it’s easy to see why hackers would want to get their hands on the details of airline customers who are desperately requesting a refund.
Related: Best password manager 2020
As a precaution, it’s worth changing your password and setting up dual authentication on your email, so that it’s harder to access your inbox.
But the bigger threat here is the possibility of fake emails with malicious links, so keep an eye out for anything that looks suspicious and always go directly to the authenticated site if a company asks you to action something.