SECURITY
SECURITY
SECURITY
Singapore Airlines frequent flyer data exposed following buggy website update
A small number of Singapore Airlines Ltd. frequent flyer members have had their personal data potentially stolen following a software bug that exposed member data on Jan. 4.
The bug was introduced to the website of KrisFlyer, the airline’s frequent flyer program, following an update. It allowed members to view information belonging to other travelers.
Information compromised included names, email addresses, account numbers, membership tier status, transactions and rewards, passport and flight details. Although the number of compromised accounts came in at only 285, it could have been far worse. Fortunately, the bug was quickly detected by Singapore Airlines and remedied the same day.
That it occurred to begin with should serve as a wakeup call for the airline industry, Setu Kulkarni, vice president of corporate strategy at WhiteHat Security Inc., told SiliconANGLE. He explained that today’s airlines are essentially tech companies, and they need to implement security like their counterparts..
“To lessen the risk of further data breaches occurring, the aviation industry as a whole must change the way it approaches security,” he said. “Instead of thinking about ‘what we need to secure,’ airlines should focus on ‘who we need to secure.’ “In other words, airlines need to model their security endeavors around the hundreds of thousands of customers who trust them to protect the private information they are required to share in order to fly.”
Matt Rose, global director of Application Security Strategy at Checkmarx Ltd., noted that this kind of breach in which software bugs lead to bigger problems for users, occurs nearly every day. That’s because modern web application and software design has become increasingly complex, and most security programs don’t take a holistic approach to managing all the points of software exposure.
“In the case of Singapore Airlines, poor software security testing practices on a software update has led to the privacy invasion of nearly 300 customers, exposing extremely sensitive information like passport numbers,” Rose explained. “Unfortunately, this isn’t the first we’ve heard of an airline breach and it won’t be the last, which is why software must become a priority in the security program of airline companies worldwide.”
Photo: Pixabay
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
