Air Canada forced 1.7 million mobile app app users to reset their passwords. Airline detected unusual login behavior that may have exposed 20,000 accounts, including customers’ passport details. Air Canada has attempted to allay customers’ worries over leaked passport data, saying the risk of a third party taking passport data is low if people still have the passport. Credential-stuffing attack suggests that Air Canada was struck by a large credential stuffing attack, expert says. Many online service providers try to avoid user-wide password reset because it frequently irritates users.”]
Source: https://www.govinfosecurity.com/air-canada-attack-exposed-20000-mobile-app-users-data-a-11441