British Airways apologizes after 380,000 customers hit in cyber attack

Commuters pass a British Airways advert on the tube at Canary Wharf station in London, Britain September 7, 2018. REUTERS/Kevin Coombs

By Paul Sandle

LONDON (Reuters) – British Airways was forced to apologize on Friday after the credit card details of hundreds of thousands of its customers were stolen over a two-week period in the most serious attack on its website and app.

The airline discovered on Wednesday that bookings made between Aug. 21 and Sept. 5 had been infiltrated in a “very sophisticated, malicious criminal” attack, BA Chairman and Chief Executive Alex Cruz said. It immediately contacted customers when the extent of the breach became clear.

Around 380,000 card payments were compromised, the airline said, with hackers obtaining names, street, and email addresses, credit card numbers, expiry dates and security codes – sufficient information to steal from accounts.

The attack came 15 months after the carrier suffered a massive computer system failure at London’s Heathrow airport, which stranded 75,000 customers over a holiday weekend.

Shares in BA’s parent, International Airlines Group, were down 2 percent in afternoon trading on Friday.

Cruz said the carrier was “deeply sorry” for the disruption caused by the attack which was unprecedented in the more than 20 years that BA had operated online.

He said the attackers had not broken the airline’s encryption but did not explain exactly how they had obtained the customer information.

“There were other methods, very sophisticated efforts, by criminals in obtaining the data,” he told BBC radio.

IT security company Avast said that based on the limited information available the attackers had probably targeted a gateway between the airline and a payment processor because no travel details had been stolen.

“Quite often, when it’s just a hack of a database somewhere it is hard to identify when something has been compromised,” Avast’s consumer security expert Pete Turner said.

“This feels much more like a transaction-type attack, where data is moving about within the system.”

COMPENSATION

The British government said authorities including the National Cyber Security Centre and the National Crime Agency were working to establish what had happened.

The country’s Information Commissioner’s Office said it had been alerted by BA and it was making inquiries. Under new GDPR data regulations, companies must inform regulators of a cyber attack within 72 hours.

BA advised customers to contact their bank or credit card provider and follow their recommended advice. It also took out ads in national newspapers on Friday.

Cruz said anyone who lost out financially would be compensated by the airline.

Data security expert Trevor Reschke said that like any website which sees large volumes of card transactions, BA was a ripe target for hackers.

“It is now a race between British Airways and the criminal underground,” said Reschke, head of threat intelligence at Trusted Knight.

“One will be figuring out which cards have been compromised and alerting victims, whilst the other will be trying to abuse them while they are still fresh.”

NatWest, one of Britain’s biggest card issuers, said it was receiving higher-than-usual call volumes because of the breach.

It said in a recorded message that its security systems would likely stop any fraud as a result of the hack but anyone affected should look out for unusual activity on their accounts.

IAG said the data breach had been resolved and the website was working normally, and that no travel or passport details were stolen.

After the computer system failure in May 2017, BA said it would take steps to ensure such an incident never happened again, but in July it was forced to cancel and delay flights out of the same airport due to problems with a supplier’s IT systems.

(Reporting by Paul Sandle and James Davey in London and Sangameswaran S and Rama Venkat Raman in Bengaluru; Editing by Keith Weir)

Amazon’s automated grocery store of the future opens Monday

By Jeffrey Dastin

SEATTLE (Reuters) – Amazon.com Inc will open its checkout-free grocery store to the public on Monday after more than a year of testing, the company said, moving forward on an experiment that could dramatically alter brick-and-mortar retail.

The Seattle store, known as Amazon Go, relies on cameras and sensors to track what shoppers remove from the shelves, and what they put back. Cash registers and checkout lines become superfluous – customers are billed after leaving the store using credit cards on file.

For grocers, the store’s opening heralds another potential disruption at the hands of the world’s largest online retailer, which bought high-end supermarket chain Whole Foods Market last year for $13.7 billion. Long lines can deter shoppers, so a company that figures out how to eradicate wait times will have an advantage.

Amazon did not discuss if or when it will add more Go locations, and reiterated it has no plans to add the technology to the larger and more complex Whole Foods stores.

The convenience-style store opened to Amazon employees on Dec. 5, 2016 in a test phase. At the time, Amazon said it expected members of the public could begin using the store in early 2017.

But there have been challenges, according to a person familiar with the matter. These included correctly identifying shoppers with similar body types, the person said. When children were brought into the store during the trial, they caused havoc by moving items to incorrect places, the person added.

Gianna Puerini, vice president of Amazon Go, said in an interview that the store worked very well throughout the test phase, thanks to four years of prior legwork.

“This technology didn’t exist,” Puerini said, walking through the Seattle store. “It was really advancing the state of the art of computer vision and machine learning.”

“If you look at these products, you can see they’re super similar,” she said of two near-identical Starbucks drinks next to each other on a shelf. One had light cream and the other had regular, and Amazon’s technology learned to tell them apart.

HOW IT WORKS

The 1800-square-foot (167-square-meter) store is located in an Amazon office building. To start shopping, customers must scan an Amazon Go smartphone app and pass through a gated turnstile.

Ready-to-eat lunch items greet shoppers when they enter. Deeper into the store, shoppers can find a small selection of grocery items, including meats and meal kits. An Amazon employee checks IDs in the store’s wine and beer section.

Sleek black cameras monitoring from above and weight sensors in the shelves help Amazon determine exactly what people take.

If someone passes back through the gates with an item, his or her associated account is charged. If a shopper puts an item back on the shelf, Amazon removes it from his or her virtual cart.

Much of the store will feel familiar to shoppers, aside from the check-out process. Amazon, famous for dynamic pricing online, has printed price tags just as traditional brick-and-mortar stores do.

(Reporting by Jeffrey Dastin in Seattle; Editing by Jonathan Weber and Rosalba O’Brien)

After massive quakes, millions in Mexico turn to early warning app

After massive quakes, millions in Mexico turn to early warning app

By Sheky Espejo

MEXICO CITY (Reuters) – Since two massive earthquakes hit Mexico in September, claiming more than 460 lives, an early warning start-up called SkyAlert has doubled its users to 5.8 million, making it one of the country’s most downloaded apps.

SkyAlert has also found a market selling alarms to small businesses in the capital, said its co-founder and director Alvaro Velasco. And it is looking to expand to Latin America, mainly Colombia, Peru and Chile, which lack an official alerting system despite frequent quakes in those countries.

Velasco said that he and SkyAlert co-founder Alejandro Cantú are talking to investors from Mexico and elsewhere about raising 100 million pesos ($5.35 million) in capitalization in 2018.

He said the surge in users after the most recent deadly quake in Mexico City had heightened the interest of existing investors including U.S.-based American Messaging and attracted interest from two Mexico-based private equity funds.

American Messaging did not respond to requests to comment on any potential new investment.

Velasco said SkyAlert was in talks with those funds and existing investors to inject around 20 million pesos (1.05 million dollars) into SkyAlert.

Still, finding a sustainable business model for the quake monitoring app has been a challenge partly because recent regulation in Mexico City has limited SkyAlert’s ability to access funds through public financing.

MAKING A PROFIT NOT EASY

Shomit Ghose at Onset Ventures, a U.S. private equity company with experience in software start-ups, said quake apps have struggled to get adequate financing because of the lack of a clear path to profits.

“If the business model is B2B where the earthquake early-warning is sent to companies, or railways, or hospitals, or high-buildings then perhaps a strong B2B case can be made for start-up investment,” Ghose said.

SkyAlert’s predicament echoes that of companies seeking funding to develop earthquake alert apps in the United States. Seismic activity is hard to monetize without government support.

It competes with its former partner, Mexico’s official alerting system run by government-funded non profit CIRES, which was created after an earthquake in 1985 killed thousands in the country.

One of the world’s few widely deployed seismic alarms, CIRES runs a network of sirens positioned around Mexico City that warn of a coming quake. SkyAlert mainly warns people through a mobile app.

Both sell quake warning systems, but a 2016 regulatory reform requires public buildings in Mexico City to purchase alarm systems from CIRES, limiting SkyAlert’s public financing.

SkyAlert initially replicated CIRES’ alerts, but in 2015 it decided to deploy its own detection sensors to increase coverage with greater accuracy, Velasco said.

“After a few false alerts from CIRES that affected SkyAlert’s credibility, we decided to invest in our own technology,” he said.

SkyAlert also is exploring ways to monetize its free app.

Currently, it sells a “premium” version for $4 a year that allows users to personalize alerts. However, Mexico has an average per capita income of $8,200, and the company said only around 4 percent of users pay for it.

Velasco said SkyAlert’s revenue is split fairly evenly between those fees and income from selling to businesses.

The newest version of the app allows for paid advertising, but ads would not be visible during a seismic alert.

SkyAlert, founded in 2011, has few peers, but one similar service in Japan is called YureKuru Call, which relies on government seismic data. YureKuru has received some government funding on an ad-hoc basis, but like SkyAlert is mostly funded by fees, said Rina Suzuki, an official at RC Solution Co., the Tokyo-based firm that developed YureKuru.

Detection technologies are evolving and they are all perfectible, Jennifer Strauss, external relations officer at the Berkeley Seismology Lab told Reuters.

“In the end, what matters is how effective they are at alerting people to save lives,” said Strauss.

(Additional reporting by Christine Murray in Mexico City and Minami Funakoshi in Tokyo; Editing by Frank Jack Daniel and Diane Craft)

Anti-Putin protesters get a smart phone app to help get out of jail

Alexander Litreev, developer of the "Red Button" phone application used to tackle police detention of protesters at demonstrations across the country, poses for a picture in Moscow, Russia, April 26, 2017. REUTERS/Sergei Karpukhin

By Parniyan Zemaryalai

MOSCOW (Reuters) – Anti-Kremlin protesters who run the regular risk of being detained by the police are being given a helping hand: A smart phone app that allows them to instantly inform others where and when they have been arrested.

Russia faces a presidential election next year, which Vladimir Putin is expected to contest, and was last month shaken by large anti-government protests. More are planned.

The result of a collaboration between a Russian firm, a human rights group and an opposition movement, the notification system, called Red Button, automatically transmits the location and emergency contact details of a detained protester.

That, says its St Petersburg-based developer Alexander Litreev, should allow others to act quickly to help free them as it will include details of the police station where the individual is being held.

“Using this information, human rights defenders can help this person in some way, like sending him a lawyer,” Litreev told Reuters in an interview.

“When I see that people are being detained and experiencing violence at the hands of the authorities, and people can’t do anything about it, I think this must be fought against,” he said.

Litreev said he sympathized with the country’s liberal opposition and sometimes attended protests himself.

President Vladimir Putin remains by far the most popular politician in Russia, but opponents argue he keeps a check on dissent through control of the media, especially television, and limiting protest.

In developing the app, he partnered with the Open Russia foundation, founded by Kremlin critic Mikhail Khodorkovsky, and OVD-Info, a human rights organization that monitors detentions.

The app will also allow observers to track how protests unfold as it is linked to a special Twitter page that will generate maps and notifications.

It is currently available for devices on iOS and Android and, according to Litreev, some 4,000 users have already downloaded the app, which is free. A version for Windows will launch in the summer.

The alert system is due to go live on April 29 — the day when Open Russia has called for nationwide demonstrations against the government. Another protest, organized by opposition politician Alexei Navalny, is scheduled for June 12.

(Editing by Andrew Osborn and)

Bible App Reveals Most Searched Verses in 2014

The YouVersion Bible app has released a list of the most searched Bible verses during the year 2014.

According to all searches, Romans 12:2 is the verse read more than any other:

“Do not be conformed to this world, but be transformed by the renewal of your mind, that by testing you may discern what is the will of God, what is good and acceptable and perfect.”

The administrators of the program say that 164 million smartphone and tablet users around the world have downloaded the YouVersion Bible app.  87 percent of Christians worldwide who have internet access have been reached by the app.

Philippians 4:8 and Philippians 4:6 finished second and third in the list.  The number four verse on the list, Jeremiah 29:11, was most popular in Canada, the U.K., Australia and South Africa.

The app’s creators hope to have the ability to reach all 6,901 languages in the world through a program called Every Tribe Every Nation.