Several Airlines Were Affected by the CardCrypt Vulnerability

Airlines and popular tourist attractions are supposed to represent a pinnacle of security whether we’re talking about actual physical security or credit card encryption. However, a security firm named Wandera has recently discovered that no less than 16 companies were affected by a credit card vulnerability named CardCrypt, which could have affected as many as 500,000 people. The airlines and attractions in question include Aer Lingus, Air Canada, EasyJet, AirAsia and even the San Diego Zoo. Apparently, when people purchased tickets for flights, flight upgrades or attractions,  unencrypted card details of customers were sent via mobile apps and websites, which means that the data could have been intercepted while it was on its way to the companies’ servers.

Wandera’s representatives have warned that the data in question could be used to steal money or even identities. Customers who ordered tickets for the San Diego Zoo might have been affected by the credit card vulnerability, but things are looking worse for airline clients, as their passport details might also be in the wrong hands. Apparently, the companies in question were not using the https secure protocol. The CEO of Wandera, Eldar Tuvey, has stated the following:

“We believe there are two likely reasons why HTTPS has not been used, everywhere at all times. It could be a flaw in the coding, or it could be a case of relying on inadequate third party services or libraries. Either way, it’s astounding to me that these companies have failed to exercise sufficient care in the collection of their customers’ personal data.”

That being said, it’s also worth noting that there’s no information at this point that could confirm whether the data was intercepted at all. All of the companies in question have been contacted by the security firm, but none of them have issued an official statement at the time of writing.