Skip to content

April 7, 2018

Infected online chat service stole payment info at Best Buy, Delta, Sears, more

by John_A

Online chat service provider [24]7.ai, used by Delta, Best Buy, and numerous other companies faced a “cyber incident” from September 26 to October 12, 2017. The company didn’t notify its list of clients until last month, stating that hackers may have accessed “certain customer payment information.” SkyMiles, personal data, passport details, and other similar information was not compromised. 

In response, Delta said it took immediate action to assess the possible damage. 

“Delta immediately began working with [24]7.ai to understand any potential impact the incident had on Delta customers, delta.com, or any Delta computer system,” Delta stated. “We also engaged federal law enforcement and forensic teams and have confirmed that the incident was resolved by [24]7.ai last October.” 

[24]7.ai discovered malware collecting payment information in its software on October 12, 2017. The chat service provider implemented a fix immediately, and then conducted an internal investigation with forensics and law enforcement between November 2017 and March 2018. Delta didn’t know about the incident until March 28 and removed the chat tool from its website the next day. Both [24]7.ai and Delta informed the public on April 4. 

The hack possibly affects only a “small subset” of Delta’s customers, but the company can’t confirm if customer data was actually accessed by hackers and compromised. The investigation is ongoing, thus Delta launched a dedicated website to provide the latest developments in the [24]7.ai attack. 

Delta’s site specifically states that malware present in software used by [24]7.ai potentially exposed payment information of several hundred thousand customers using Delta’s PC-accessed website. Even more, customers didn’t have to interact with the chat tool to be hit by the hack. The attack did not affect the Fly Delta app, the mobile website, or Delta’s computers. 

So what did the hackers obtain? Customer names, addresses, payment card numbers, CVV numbers, and expiration dates. Customers who used the Delta Wallet service weren’t affected, as the malware could only grab information entered on the screen. Delta Wallet “masks” this sensitive information. 

“Delta will be working diligently to directly contact customers, including by first-class postal mail, who may have been impacted by the [24]7.ai cyber incident,” Delta states. “Delta will also launch a dedicated phone line and website for the small subset of customers who were impacted so we can address their concerns.” 

Other companies affected by the [24]7.ai cyber incident include Best Buy, Boeing Co., Hudson Bay Co., Sears Holdings Corp., Under Armour Inc., and more. Sears said it wasn’t notified of the breach until mid-March and believes that the hack affected less than 100,000 customers. Upon notification, Sears informed credit card companies to prevent possible fraud. 

“Customers using a Sears-branded credit card were not impacted,” the company states in a blog. “In addition, there is no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible. [24]7.ai has assured us that their systems are now secure.” 

Best Buy says only a small fraction of its online customer population “could have been caught up in this [24]7.ai incident, whether or not they used the chat function.” 

Editors’ Recommendations

  • Hackers could have credit card numbers of 880,000 Orbitz users
  • Hackers seize Atlanta’s network system, demand $51,000 in Bitcoin as ransom
  • Hackers are now favoring ransomware over personal data theft
  • From pranks to nuclear sabotage, this is the history of malware
  • BitGrail cryptocurrency exchange loses $170 million in Nano tokens


Advertisements
Read more from News

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: