John Paul M. Joaquin Tech 01.06.2023 22:Jan PM EST

Air France, KLM Inform Flying Blue Customers of Recent Account Hack

Air France and KLM Flying Blue customers may want to fix

The two airliner companies recently notified its Flying Blue loyalty customers of a recent data breach that may have exposed their personal information.

Flying Blue is the loyalty program of Air France, KLM, and other airliner companies, including Transavia, Aircalin, and Kenya Airways, per its official website.

Air France, KLM Data Breach Details

Air France and KLM mentioned in the notification it sent to its affected customers that their security operations teams had detected suspicious behavior by an unauthorized entity regarding their accounts, per Bleeping Computer.

Unfortunately, both companies mentioned that the entity in question managed to acquire customers' data before they implemented corrective actions that prevented the entity from obtaining more of their customers' data.

According to Jeroen Burgerhout's screenshot of the notification, which they posted on Twitter, the unauthorized entity maned to acquire the following information about affected customers:

First and/or last names
Flying Blue number and level
Miles Balance
Phone Number
Email address
Latest Transactions

Burgerout is a KLM Flying Blue customer also affected by the entity's account hack.

Fortunately, the entity was unable to obtain the affected customers' credit card and/or payment information, and the companies' Information Security department is taking preventative actions to protect affected customers' accounts from any further suspicious activity.

Meanwhile, KLM mentioned on its official Twitter account that the account hack was blocked in time, and no miles were charged. However, the company does encourage affected customers to change their Flying Blue password through its official website to prevent any more unauthorized access to their accounts.

Affected Flying Blue customers must change their accounts' passwords on Air France's and KLM's official websites if they want to restore their access to them. Both companies had locked their affected customers' accounts due to the breach.

To do so, affected customers are requested to go to their respective airliner company websites and select "Forgot Password" on the login page to create a new password for their account and restore access to it.

Air France, KLM, and their Flying Blue loyalty program assure customers that they take the protection of their personal data "very seriously."

The two companies have yet to address the matter on their respective websites.

Customer Reception Of The Leak

Following Burgerout's screenshot of the message, many Flying Blue customers have also reported having acquired the same email. However, that is not the only issue Flying Blue customers have in mind.

Burgerhout noted that they could only create a 12-character password to regain access to and secure their own account.

As such, the lack of two- or multi-factor authentication makes the idea of another unauthorized entity hacking into Air France and KLM's Flying Blue loyalty program again to illegally access and acquire customers' personal data likely.

Air France and KLM have yet to address this lack of account security options on their official websites and in the comment section of Burgerhout's tweet.