Supplier in £100,000 hack left client passwords on network

A hacker who broke into the IT systems of leading travel operators and programmed their systems to issue more than £100,000 in fraudulent credit card refunds may have had access to lists of passwords kept by the travel firms' software supplier.

Anite Travel, which supplied ferry booking software to the companies that were hacked, is investigating the theory that current or former members of staff may have passed copies of the password list to the hacker, who appears to have been acting on inside information.

About 70 or 80 IT and technical staff in Anite Travel would have had access to an unencrypted file containing details of the passwords and the phone numbers used to access their systems.

"Anyone can copy a single file from an unprotected network share and have all the customer modem numbers and access passwords. An unhappy worker could mail this out," said one source.

One theory is that the lists could have been sent out by a current or former member of staff using an Internet chat service.

The disclosure has highlighted concerns about poor security in the travel industry, which relies on systems and technologies long since abandoned by other sectors of the economy.

"The password list is obviously very important to their customers. One would have thought it would not be on a network at all and it would be in encrypted form," said Peter Sommer, a security expert.

The hacker used software from the Internet, Zap2, to delete his log files and cover his tracks, it emerged.

Anite Travel declined to comment.
