 Poster: A snowHead
|
|
|
|
Obviously A snowHead isn't a real person
Obviously A snowHead isn't a real person
|
|
Last week I was contacted by our CC provider to say they were sending me a new credit card. Suspect this will be why then.
|
|
|
|
|
|
Well, the person's real but it's just a made up name, see?
Well, the person's real but it's just a made up name, see?
|
Consdiering BA got fined 183 Million for losing 500,000 customer records, this could be curtains for Easyjet. I know it was a gamble to book through them for next year, but it might well not payoff now 
|
|
|
|
|
|
You need to Login to know who's really who.
You need to Login to know who's really who.
|
Didnt BA lose all their stored CC details rather than only about 2,000 for easyJet so the real impact of the easyJet breach although big in volume might be viewed as less serious?
And I think the BA headline fine might still be provisional and appealable?
Also these fines are usually a % of turnover so a similar % on easyJet might yield less £?
|
|
|
|
|
|
Anyway, snowHeads is much more fun if you do.
Anyway, snowHeads is much more fun if you do.
|
@eblunt, The BA customer data theft was back in August 2018. My BA/Amex card details were used last month in Recife, Brazil for some light shopping. Amex contacted me instantly, cancelled the card, replaced next day, adjusted my account to cover the thefts.
I've not used Easyjet for quite a few years now, so doubt if my card details are current. However, seeing as my BA/Amex card details were not flagged, but used 20 months after the BA hack, perhaps the card details remain "current" for the hackers for a long period of time.
|
|
|
|
|
|
You'll need to Register first of course.
You'll need to Register first of course.
|
|
|
|
|
|
I had a card cancelled last year (whilst I was using it in Chx) because the provider had identified it as being on a compromised list.
Apparently the card companies go ut and buy lists off crims on the web to then pull the cards from circulation before they are too abused.
I'ld not had that particular card for long and have no idea when it got compromised. It was a card I used for foreign currency transactions only, but it had seen some hammer in NL, FR, IT, CH, BE, LU, so it could have been anywhere. I suspected web based use though which would have meant Easyjet (CHF) or CdMontBlanc (€).
TBH the Easyjet bit only just clicked with me as I was typing this. Dur... how dum am I? This was Nov'19 though. Mind you the report says EJ knew in Jan'20, but not specifically when the breach occurred, (unless I missed that on the lunchtime news).
|
|
|
|
|
|
|
|
|
@midgetbiker, I get the distinct impression that Amex knew my card details had been compromised 20 months ago.
|
|
|
|
|
|
You'll get to see more forums and be part of the best ski club on the net.
You'll get to see more forums and be part of the best ski club on the net.
|
I got an email last night from EZY confirming my name, email and travel details were hacked for flights booked between 17 Oct 2019 and 4 March 2020.
It states that my credit card and passport details were not accessed. Hopefully that’s true.
Their headline message is to be alert to phishing emails.
I’m wondering whether to cancel the credit card I used as an extra security measure.
|
|
|
|
|
|
|
|
|
@PeakyB, Same
|
|
|
|
|
|
snowHeads are a friendly bunch.
snowHeads are a friendly bunch.
|
|
Me too... Wish Easyjet had been a bit more concerned about their security levels... rather than now telling us to be wary of phishing threats...
|
|
|
|
|
|
And love to help out and answer questions and of course, read each other's snow reports.
And love to help out and answer questions and of course, read each other's snow reports.
|
|
@PeakyB, The crims may not use your card details for some time, assuming they have them. Crims will wait months before using just to see if the card has/not been cancelled. Probably best to inform your card issuer that there is a possibility of details being accessed.
|
|
|
|
|
|
|
|
| PeakyB wrote: |
I got an email last night from EZY confirming my name, email and travel details were hacked for flights booked between 17 Oct 2019 and 4 March 2020.
It states that my credit card and passport details were not accessed. Hopefully that’s true.
Their headline message is to be alert to phishing emails.
I’m wondering whether to cancel the credit card I used as an extra security measure. |
MeToo going to cancel card just in case.
|
|
|
|
|
|
You know it makes sense.
|
If you do cancel your card (as I will be given yesterday's easyJet email to me) just remember to check whether it's registered for any regular payments - the tricky ones are the annuals where a payment's not due for a while and you get a 'Your payment has been declined' message in 6-9 months time (usually when you're abroad on holiday or business and are left wondering WTF's happening ...). Plus those like Kindle, where you may use it irregularly.
It's also a wake-up call to reconsider the extent to which you do register your card with traders, as a convenience. Is the risk of it being compromised worth it to avoid the effort of entering the details each time?
You should at least know which traders your cards are registered with. So perhaps this is an opportunity to review that and rationalise which card you use for online purchases and whether you need to register it at all.
Also review what security you get with different cards: one thing I like about my Swiss UBS credit-cards is that you can set a limit for transaction approval - you get an in-banking-app message asking you to approve the purchase for anything above the ceiling you set. If you don't approve within a few minutes, the transaction is declined. This on the theory that if you're the actual person making the purchase, then you'll be aware of the imminent arrival of the approval message. I can also limit transactions to any country online, so I enable it for CH and France when I'm in CH and likely to be going over the border, but disable it for anywhere when I'm not.
Last edited by You know it makes sense. on Fri 22-05-20 9:46; edited 2 times in total
|
|
|
|
|
|
Otherwise you'll just go on seeing the one name:
Otherwise you'll just go on seeing the one name:
|
|
@LaForet, thanks for that prompt... just remembered the car insurance is going of the credit card that I was just issued a new one.
|
|
|
|
|
|
Poster: A snowHead
|
|
Thanks all, just cancelled my card to be on the safe side. Fortunately one I only use for holiday booking and spending. Not registered for regular payments with traders.
|
|
|
|
|
|
Obviously A snowHead isn't a real person
Obviously A snowHead isn't a real person
|
@LaForet,
A couple of "interesting" things I have learned from my IT Security work in the Payment and PCI data industry about long standing payments are:
1) The merchant can continue to debit the newly issued card even though the it has been re-issued as the underlying payment vehicle (customer account) is the same, and does not require re-authorisation. ( in the vast majority of cases)
Cancelling the card just prevents new transactions from being made.
This can get complicated though if the customer requires a refund, as the automatic refund often fails against the old card, and you have to go back the the Merchant and request ARNs ( Acquirer Reference Numbers ) which provide the receiving bank with a unique transaction ID for the reversal.
Much like the ATM Machine, and the PIN Number some people in finance call these ARN Numbers where they needlessly ( and wrongly IMHO) tack the last word onto the end of the TLA Acronym.
Not related, but I found it interesting, as it debunked one of my long held finance beliefs:
2) Cheques are valid longer than the 6 / 12 months ( whatever you want to believe ) from the date on the cheque.
It is really up to the originating bank to decide whether to honour it. If it has not been explicitly cancelled by the issuer, then normally its fine.
|
|
|
|
|
|
Well, the person's real but it's just a made up name, see?
Well, the person's real but it's just a made up name, see?
|
Like @PeakyB, @WindOfChange, @colw,
I got the same email for EasyJet on Thursday late n the evening .. looking very official.
And I've had another on Wednesday that looks a bit iffy :
From donotreply@easyjet.com
IMPORTANT information about your easyJet flight [[ Reference ID: 149798101 ]]
Dear Customer,
Thank you for contacting easyJet and supporting us by selecting a Flight Voucher for your cancelled flight.
Due to the unprecedented scale of the COVID19 pandemic, we are receiving an incredibly large volume of requests, to be processed by a handful of available individuals. As such, processing your voucher is taking slightly longer than expected.
Please bear with us and rest assured that this will be processed within the next 28 days. We will email you with all voucher details as soon as this has been created for you.
The voucher is valid for 12 months from the date of issue. You do not need to travel before the expiry date, you can book onto any flights that are on sale when you are ready to use the voucher. Please see our full voucher terms and conditions here.
Kind regards,
easyJet Customer Services
fly us: www.easyJet.com
follow us: www.twitter.com/easyJet
friend us: www.facebook.com/easyJet
Mobile App
The thing is I've never requested for a voucher and I've had all my cancelled easyJet flights refunded in full.
|
|
|
|
|
|
You need to Login to know who's really who.
You need to Login to know who's really who.
|
|
goodness I hate internet criminals I fly very often and whilst the main carriers provide a very good physical service the online payment arrangements are risky.
|
|
|
|
|
|
Anyway, snowHeads is much more fun if you do.
Anyway, snowHeads is much more fun if you do.
|
| PeakyB wrote: |
I got an email last night from EZY confirming my name, email and travel details were hacked for flights booked between 17 Oct 2019 and 4 March 2020.
|
I made a flight booking with Easyjet (for next year's preBBWUW and Birthday Bash) on 10th April but haven't received any email, so I presume that the hack vulnerability was fixed by then.
|
|
|
|
|
|
You'll need to Register first of course.
You'll need to Register first of course.
|
|
@Alastair Pink, likewise. I’ve heard nothing.
|
|
|
|
|
|
|
|
|
Same, nothing. I have a credit card booking with them made 17 April so also assume whatever was fixed by then. I have notifications turned on my MasterCard app so I know if the card is used.
|
|
|
|
|
|
|
|
|
Amazon are the worst as I have never discovered a way of not having my card details registered with them. Anyone else, I always tick the box that says "do not save my card details". You have to have some sympathy for companies as the fraudsters are probably more sophisticated than they and security software are - after all security software generally has to react asap to new threats. What should be banned by law is any company holding card data. I suppose the new rules when they are in of texting you and requiring a payment code should help - at the moment it seems a bit random as to when one is asked for an additional code and when one is not.
|
|
|
|
|
|
You'll get to see more forums and be part of the best ski club on the net.
You'll get to see more forums and be part of the best ski club on the net.
|
|
also booked in early May and no word from Easyjet. Password changed in case, previous booking was 2010.
|
|
|
|
|
|
|
|
@Alastair Pink Yeah; it looks like the actual hack was in January and they just took ages to get in touch with people. I got the email a few days ago.
Cyberscore isn't showing my data from the Easyjet hack as having been posted online yet, which is a good sign - they're normally pretty on it at spotting when hacked data goes up for sale/pasted somewhere online.
According to the BBC only a small number of people actually had card details taken (2000ish).
|
|
|
|
|
|
|
|
FAQ
