From theregister.co.uk
British Airways’ horror hack is worse than first thought: the world’s favorite airline has added 185,000 cardholders to the pile of 380,000 potentially caught up in the IT security breach.
In September, it emerged that hackers spent two weeks slurping the personal and payment card data of people who booked travel via BA’s website and mobile application. As many as 380,000 payment cards, and their owners’ personal info, were exposed to the intruders.
Almost immediately, security experts identified the techniques behind the cyber-theft: devilish, information-siphoning code inserted into third-party JavaScript libraries used by BA’s website and app payment-processing pages. Essentially, as sensitive info was typed in and submitted by customers, their details were copied by malicious JS code, and sent off into the hands of crooks.