Air France and KLM have disclosed a data breach involving the ShinyHunters hacker group, which gained access to customer data through their customer service platform. The compromised information includes personal details such as names, emails, phone numbers, loyalty program information, and recent transactions. Although no financial details were stolen, experts warn that this data is highly valuable for cybercriminals. The airlines have taken steps to secure their systems and advise affected customers to remain vigilant. The breach is part of a broader pattern of attacks by ShinyHunters, who have targeted major global brands using AI-powered social engineering techniques. Experts emphasize the growing threat of AI-driven impersonation and the importance of robust cybersecurity measures to protect against such threats.
Authorities in France and the Netherlands have been notified, and impacted customers are being advised to stay alert. The airlines stated that they acted swiftly to cut off the attackers’ access and have implemented measures to prevent future incidents. Their internal systems remain secure, and they have informed affected customers about the breach, urging them to be cautious of suspicious communications. The breach highlights the increasing sophistication of cyber threats and the need for enhanced security protocols in customer service platforms.
Ricardo Amper, CEO of Incode Technologies, a global leader in identity verification and AI-powered fraud prevention, has commented on the shift in cyberattack strategies. He notes that hackers like ShinyHunters are moving towards AI-amplified social engineering, exploiting third-party platforms where human oversight is weak. Amper highlights that these attackers are not only stealing data but also using generative AI to create convincing impersonations, making it difficult for even experienced employees to detect fraudulent activities. The use of AI tools allows attackers to mimic real individuals with high accuracy, posing a significant risk to customer service representatives and other frontline staff.
The breach underscores the vulnerability of customer service portals, which often contain a wealth of personal information and the ability to reset accounts or override security settings. These systems are particularly attractive to hackers due to the lack of robust security controls, making them accessible with partial user information. Experts warn that the stolen data can be converted into profit, with attackers using it to impersonate customers and access other accounts. The data profiles can also be sold on the dark web, enabling further targeted scams and identity theft. Amper emphasizes that post-breach, scammers often send fake alerts tailored to the victim, exploiting urgency to trick users into clicking malicious links.
To protect against such threats, cybersecurity experts recommend several measures, including the use of app-based authentication, security keys, and biometrics. Strong antivirus tools are also advised to block phishing attempts and malware. Customers are urged to monitor their accounts regularly for unusual activity and to avoid reusing passwords across different accounts. Additionally, services that monitor for dark web activity and identity theft detection can provide added protection. These measures are crucial in mitigating the risks associated with data breaches and safeguarding personal information in an increasingly digital world.