Skip to Content
Security & privacy

Major airline is asking customers to reset passwords after security breach

By now we all understand that online security is a bit of an oxymoron, in that whatever is on the internet is not exactly secure. Whether they directly affect us or not, online issues are pretty much a part of life these days.

Really, the most we can do is make sure to only provide our information to trustworthy outlets and even then, just hope for the best. Just when you think a place has to be secure, word comes out they had some sort of problem.

So when you sit back and think about how you haven’t heard of any online security problems for a bit, rest assured one will soon come. That’s the case now, and this time it hit the airline world.

Oh, Canada

Specifically, the airline affected is Air Canada. An alert from the company explained that they detected “unusual login behavior” with their mobile app between Aug. 22 and Aug. 24 of this year. Air Canada immediately took action, they wrote, to block the attempts.

They also implemented additional protocols to protect against future unauthorized attempts and, as a further precaution, locked all Air Canada mobile app accounts. The company said credit card data was not at risk, but that names, email addresses and phone numbers were.

Passport information could also have been at risk, although the Canadian government said the chance of a third party getting a passport in your name is low as long as you still have yours. Besides, the government requires more than just passport information to issue a new one.

While it seems like nothing incredibly terrible happened here, roughly 20,000 accounts were compromised. Air Canada began contacting affected customers through email on Aug. 29, informing them of what happened.

If you have not received an email that specifically advises of your account being compromised, that means they are confident yours was not affected. As a precaution, Air Canada issued a password reset for all of its app users, who will see a prompt to change it the next time they open the app.

There are roughly 1.7 million users of Air Canada’s Android, iOS and Blackberry apps. With so many people needing to change passwords, the process could take some time, Air Canada warned, which is why they are asking their customers for patience while assuring them their data is protected.

I have an Air Canada account, what should I do?

As noted, you will be prompted to reset your password when you log into the Air Canada app. Air Canada recommends you follow the instructions to do that, and ultimately choose a “robust” password when you reset it.

The airline company said Aeroplan passwords are not stored in the app, but as a precaution advise customers to review all transactions regularly and immediately report any irregularities or unfamiliar transactions.

They also want customers to regularly keep an eye on financial transactions as well as be aware of any changes in their credit rating. If something unusual pops up, they advise contacting your financial services provider.

Worried about a breach or hack? Keep these tips in mind

  • Keep an eye on your bank accounts – You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately.
  • Check HaveIBeenPwned – this site will tell you if your information has been stolen in a previous breach.
  • Change your password – Whenever you hear news of a data breach, it’s a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
  • Close unused accounts – Here’s an easy way to manage all of your online accounts at once.
  • Beware of phishing scams – Scammers will try and piggyback on huge breaches like this. They will create phishing emails, pretending to be the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
  • Manage passwords – Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you’re using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.
  • Check email security settings – Make sure the email account associated with the hacked site has updated security settings.
  • Have strong security software – Protecting your gadgets with strong security software is important. It’s the best defense against digital threats.

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook