14 DAY TRIAL // The website of Malaysia Airlines has been compromised in a cyber-attack claimed by members of Lizard Squad and Cyber Caliphate hacker outfits.
For some time, the main page of the airline company displayed an error message indicating that its content could not be reached.
Company says client data is safe
The complete message read “404 – Plane Not Found” and included the image of a lizard in tuxedo wearing a top hat and a monocle, a picture associated with the Lizard Squad group.
The hackers took responsibility for the attack on Twitter, saying that they also managed to access protected user information available on the company’s servers.
Malaysia Airlines confirmed the incident but stated that its web servers remained unaffected.
In a message posted on Facebook, the company states that “its Domain Name System (DNS) has been compromised where users are re-directed to a hacker website when www.malaysiaairlines.com URL is keyed in.”
It also adds that the glitch does not affect bookings and that customer data remains intact. “Malaysia Airlines assures customers and clients that its website was not hacked and this temporary glitch does not affect their bookings and that user data remains secured,” the company says.
Hackers claim they have stolen client data
On the other hand, Lizard Squad tweeted that they would soon dump some of the details they took from the company’s servers. They also published a link to a picture supporting their breach claims, but the image is no longer available at the indicated location.
It is unclear what kind of information the hackers may have taken from the machines of the company, or how they managed to reach it.
The hackers did not provide any motivation for targeting Malaysia Airlines, but it appears that the 404 error page had several variants, including one that featured the message “ISIS will prevail” as the web browser tab title.
At the moment, the website of the airline company displays normally and the problems seem to have been solved. However, it remains to be seen if the hackers have compromised only the DNS and did not manage to breach the servers and extract sensitive customer information.
When accessing the website for the first time, a message is displayed, informing the visitor that the collection and disclosure of personal data is in agreement with the Malaysian Personal Data Protection Act.
“Malaysia Airlines shall ensure that the collection, use and disclosure of your personal data is consistent with the 2010 ('PDPA') and the relevant Privacy Laws in place in each jurisdiction that Malaysia Airlines operates in,” the text reads.
[MEDIA STATEMENT]: We would like to point out that @MAS is lying about user data not being compromised. Refer to earlier imgur link.
— Lizard Squad (@LizardMafia) January 26, 2015
Going to dump some loot found on http://t.co/D9XYneQoaK servers soon
— Lizard Squad (@LizardMafia) January 26, 2015
