Pierluigi Paganini
June 27, 2017
UK car insurance company AA accidentally sent out a “password update” email to its customers, the messages led the motorists to log into the motoring organization’s website to change their passwords. The concurrent access of a so large number of customers crashed the AA servers, then its customers couldn’t access their profiles, believing their accounts were compromised by hackers.
In reality, the incident was caused by a human error, according to AA no passwords had been changed and people couldn’t access their account because the server was flooded with access requests.
The AA company reassured its customers by confirming that the change password messages were sent out for error.
The email was sent by us, but in error. Your password hasn't been changed, and your data remains secure. Sorry for any confusion.
— The AA (@TheAA_UK) June 26, 2017
In a first time, the company confirmed that something of strange was happening to its customers, the message it posted on Twitter led use into believing that its customers were targeted by a phishing campaign.
We’re aware an email has been sent to members re password change Please don’t ring the number in the email. We’re looking into this urgently
— The AA (@TheAA_UK) June 26, 2017
Further investigation revealed the password reset messages were triggered by an error made by an internal,
Summarizing, if you are an AA customers ignore the password reset message sent by the company.
[adrotate banner=”9″]
(Security Affairs – AA company, password reset)
[adrotate banner=”13″]
