Air New Zealand is taking action after customer accounts were targeted in a credential stuffing attack where the threat actor used email and password information from another breach to get into Air NZ accounts. Officials for Air New Zealand have reassured that the company’s systems were not affected and this instance was an attempt to access information within specific accounts. At this time, Air New Zealand does not believe any sensitive information was accessed, and no fraudulent transactions have occurred. Impacted individuals have been locked out of their accounts and will not be able to access them until their credentials are changed.
Credential stuffing attacks highlight the importance of taking proper measures to ensure accounts are secured. Individuals should use strong and unique passwords for each account that requires them, especially for those that contain sensitive information. Taking advantage of Multi-Factor Authentication when it’s offered is also strongly suggested