A cyber-security firm says it has found a malicious script injected into the British Airways website, which could be the cause of a recent data breach that affected 380,000 transactions.
A RiskIQ researcher analysed code from BA’s website and app around the time when the breach began, in late August.
He claims to have discovered evidence of a “skimming” script designed to steal financial data from online payment forms.
The BBC has contacted BA for comment.
A very similar attack, dubbed Magecart, affected the Ticketmaster website recently, which RiskIQ says it also analysed in depth.
The company says the code found on the BA site is very similar, but appears to have been modified to suit the way the airline’s site was designed.
“This particular skimmer is very much attuned to how British Airway’s payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer,” the researcher wrote in a report on the findings.
“The infrastructure used in this attack was set up with British Airways in mind and purposely targeted scripts that would blend in with normal payment processing to avoid detection.”
More to follow