Hijackers stole airlines' customer lists

Australian airline Qantas announced yesterday that data belonging to 5.7 million customers stolen in a major cyberattack this year had been shared online, part of a breach affecting dozens of companies. Disney, Google, IKEA, Toyota, McDonald's and other airlines Air France and KLM also reportedly had their data stolen and held for ransom in a cyberattack targeting software firm Salesforce. Salesforce said this month that it was "aware of recent extortion attempts by threat actors."

Qantas confirmed in July that hackers targeted one of its customer contact centres and breached a computer system used by Salesforce, a known third party.

"SENSITIVE" INFORMATION AVAILABLE The Australian blue-chip company said it had gained access to sensitive information such as customers' names, email addresses, phone numbers and birthdays. There have been no further breaches since then and the company is cooperating with Australian security services. "Qantas is one of the global companies whose data has been leaked by cybercriminals following a cyberattack in early July in which the airline's customer data was stolen via a third-party platform," the company said in a statement.

The company stated that most of the leaked data included names, email addresses, and frequent flyer information.

But some of the data included customers' "work or home address, date of birth, telephone number, gender and food preferences." Qantas said: "No credit card information, personal financial information or passport information was affected."

He also stated that the company had obtained a legal injunction from the Supreme Court of New South Wales, where it is headquartered, to prevent the stolen data from being "accessed, viewed, published, used, transmitted or broadcast." THEY USED SOCIAL ENGINEERING TECHNIQUE

This will do little to prevent the spread of data, cybersecurity expert Troy Hunt told AFP.

"Google responded to the event, conducted an impact analysis, and sent email notifications to potentially affected businesses," said Melanie Lombardi, Head of Security Communications at Google Cloud.

Cybersecurity analysts have linked the attack to cybercriminals known as Scattered Lapsus$ Hunters. Research group Unit 42 said in a note that the group "claimed responsibility for laying siege to customer Salesforce tenants as part of a coordinated effort to steal data and hold it for ransom." The hackers reportedly set an October 10 deadline for ransom payments. Experts said the hackers stole the sensitive data using social engineering, a tactic of manipulating victims by impersonating a company representative or another trusted person.

The FBI issued a warning last month about such attacks targeting Salesforce.

The agency said hackers posing as IT employees tricked customer support staff into granting them access to sensitive data.