Air France and KLM have confirmed a significant data breach impacting customer accounts. The notorious hacking group known as ShinyHunters has been linked to the security incident.
The airlines’ IT security teams identified unauthorized access to a third-party platform used for customer service. This exposure resulted in the compromise of personal client information.
Stolen data includes full names, email addresses, and phone numbers. Additionally, details related to the Flying Blue loyalty program, such as recent transactions and account balances, were exposed.
Air France and KLM have stated that no sensitive payment information was accessed during the event. Relevant authorities in both France and the Netherlands have been formally notified of the breach.
The Growing Threat to Customer Service Channels
This incident highlights a broader trend where cybercriminals target corporate customer service systems. Experts note that hackers often employ credential stuffing attacks, using previously stolen username and password combinations to gain access to new accounts.
Ricardo Amper, CEO of Incode Technologies, described the stolen personal data as a “gold mine” for criminals. This information is frequently sold on the dark web or used to orchestrate sophisticated phishing scams and monetize loyalty program benefits.
AI Arms Race in Cybersecurity
The attack on the airlines is part of an alarming wave of cyberattacks that increasingly leverage artificial intelligence. Amper warns of an “AI arms race,” where threat actors use advanced technology to bypass security measures.
Hackers are now capable of using AI to amplify social engineering tactics. These systems can impersonate legitimate customers with frightening accuracy, deceiving customer service representatives in as little as 10 to 20 seconds.
This evolving method allows criminals to manipulate support staff into providing access to sensitive accounts or personal information. The sophistication of these AI-driven impersonations presents a formidable challenge for corporate security teams worldwide.
