Following a massive security breach that left the data of 380,000 British Airways customers compromised, cybersecurity firm RiskIQ has now found that it took hackers a mere 22 lines of code to steal the data.
Meanwhile, UK law enforcement agencies, including the National Crime Agency and the National Cyber Security Centre, are continuing their investigations into the hack.
Here are the details.
Personal and financial details of customers were compromised
"The personal and financial details of customers making bookings on our website and app were compromised. The breach has been resolved and our website is working normally. We've notified the police and relevant authorities," British Airways had said after the breach.
RiskIQ thinks a group called Magecart was responsible
Drawing on earlier experience, RiskIQ speculated that a hacker group called Magecart was behind the British Airways hack.
Magecart was also responsible for the Ticketmaster UK hack earlier this year, in which the data of 400,000 customers was compromised.
Notably, Magecart's modus operandi involves injecting lines of malicious code into payment forms, an MO that was abundantly clear in the British Airways hack.
The Magecart hacker group has been active since 2015
"The Magecart actors have been active since 2015 and have never retreated from their chosen criminal activity. Instead, they have continually refined their tactics and targets to maximize the return on their efforts," said RiskIQ in a statement.
How the hackers managed to steal user data
The modified code allowed BA customers' data to be uploaded to the hackers' servers whenever someone clicked the 'Submit' button on a payment form.
The hack has landed British Airways in trouble
Several experts have noted that British Airways should have detected the change to its code on its production server.
The hack has landed the airline in a fix, and a law firm called SPG Law is currently contemplating suing BA for £500 million - it has already put up a dedicated website where affected users can make a claim.
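The kind of detection the experts refer to, spotting a change to code on a production server, can be done by comparing the scripts being served against hashes recorded at release time. The following is an added example, not code from British Airways or RiskIQ; the directory layout, file names and script contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each script's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*.js"))
    }


def diff_against_baseline(baseline: dict[str, str], root: Path) -> dict[str, list[str]]:
    """Compare the scripts currently under root with the release-time baseline."""
    current = build_manifest(root)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "added": sorted(f for f in current if f not in baseline),
        "missing": sorted(f for f in baseline if f not in current),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: a served script gains extra lines after release."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "js").mkdir()
        (root / "js" / "payment-form.js").write_text("function validate(f) { return true; }\n")
        (root / "js" / "vendor-lib.js").write_text("/* constructed vendor library */\n")
        baseline = build_manifest(root)  # recorded at release time

        # Simulate an unauthorised post-release change: lines appended to a script.
        with open(root / "js" / "vendor-lib.js", "a") as fh:
            fh.write("/* lines that were not in the release */\n")
        (root / "js" / "unexpected.js").write_text("/* file not in the release */\n")
        return diff_against_baseline(baseline, root)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

In practice the baseline manifest would be stored off the web server, so that anyone able to alter the scripts cannot also alter the reference hashes.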