New Zealand’s flag carrier, Air New Zealand (Air NZ), has suffered a security breach that resulted in threat actors gaining access to customer accounts.

In the security breach, threat actors performed credential-stuffing attacks to gain unauthorized access to customer accounts. A credential stuffing attack is performed by trying compromised credentials until the targeted system is logged in.

Following the detection of the security breach, Air New Zealand officials stated that the breach did not affect any of the company’s systems, but only individual customer accounts were affected. Upon the relevant explanation, customer accounts were blocked, and customers were contacted to change their login information before using the Airpoints system again.

Logging in to more than one platform with the same login information and not enabling MFA/2FA authentication mechanisms on the platforms cause such attacks to be seen frequently. In this context, it is recommended to consider the following security recommendations not to be the target of similar attacks.

The same username and password should not be used in more than one online session,
The login information should be created by applying unique and strong password policies.
Air NZ customers should be aware of the data that could be leaked to the internet in this breach and used in various phishing/social engineering attacks.

Air New Zealand Suffered A Security Breach

Perspective of the Month | APT Groups

BellaCiao: The New Malware From Iran’s Charming Kitten

Security News Digest | Security Newsletter | April 27, 2023

Cyber Security Trends in 2023: What You Need to Know

We know what hackers know about you

Solutions

Use Case

Partners

Company