On Friday, the German airline Lufthansa admitted that hackers gained access to individual customers' accounts on the company website LH.com.
Company representatives said that the airlines “had not been able to prevent illicit access to some customer files” and “we had to lock several hundred customer pages.” However, the company has since applied security countermeasures, and now, “We believe to have the problem generally under control.”
The hackers used the hijacked computers in a botnet to break into password-protected customer accounts via brute-force attacks — methodically trying every possible character combination until the correct password is found. The hackers then stole customers' frequent-flyer miles to redeem them for rewards.
However, Lufthansa says it has restored all stolen miles to customers' accounts.