SCHIPHOL - Hackers managed to break into Flying Blue, the frequent flyer program used by KLM and Air France. The hackers may have gained access to members’ personal data and travel information. NL Times reviewed a message sent by Flying Blue, which stated, “Our security operations teams have detected suspicious behavior by an unauthorized entity in relation to your account.”
According to the letter, customers’ first and last names may have been accessed by hackers, as well as other private data, including their phone number, email address, and recent transaction history. Data specific to the Flying Blue program may also have been accessed, including the customers’ Flying Blue numbers, their frequent flyer status level, and miles balance.
“We have immediately implemented corrective action to prevent further exposure of your data,” the letter said. “No credit card and/or payment information was exposed.”
Several customers complained on social media about the airline group’s handling of the incident. They noted that email made it seem like the airline group successfully fended off the attack when in reality, a wide range of personal information may have leaked out. Critics also pointed to the frequent flyer group’s lack of more secure login measures, such as 2FA, and a 12-character limit to the length of passwords.
The complaints on social media also revealed that not all Flying Blue customers were notified of the hack. One customer noted on Twitter that Flying Blue’s message looked like a phishing email. “Air France-KLM, what happened, guys? If you got hacked, we should know.”
The Flying Blue program boasts 17 million members. It is the primary frequent flyer program for KLM, Air France, and Transavia, as well as Aircalin, Kenya Airways, and Tarom.