The attackers managed to gain access to individual passenger accounts on company’s website LH.com,German flag carrier Lufthansa confirmed Friday.
The airline has taken prompt countermeasures, but it “had not been able to prevent illicit access to some customer files,” according to company’s representatives.
“We had to lock several hundred customer pages,” a Lufthansa spokesman told DPA news agency after widely-read German magazine Der Spiegel broke the story.
However, the spokesperson stressed there was no data leak from Lufthansa’s system.
“We believe to have the problem generally under control,” he said.
First-class under attack
The hackers used a so-called bot net, where thousands or even millions of computers simultaneously generate random names and passwords until the right combinations are found, according to an article published in Der Spiegel on Friday.
After breaking into company’s database, the hackers used frequent-flyer miles to obtain vouchers and redeem rewards, especially those which don’t need to be delivered by mail.
The company also confirmed that a “small, single-digit number” of Lufthansa’s top client accounts from the so-called HON-circle had also been hacked. The airline’s HON-circle includes frequent flyers in the Business and First Class.
The account information of all of the customers had been changed after the cyber-attack and the miles have been restored, the company representatives said.