Air Canada’s app has suffered a data breach resulting in the suspected loss of thousands of its customers’ personal details.
The airline has warned that users who had entered their passport details into the product may have had that data stolen.
Experts warn that the theft of such information would pose a serious ID fraud risk.
The firm has also been criticised for its relatively weak password system.
Although it is not clear how the breach occurred, one cyber-security specialist highlighted that Air Canada’s website still says account passwords should contain between six and 10 characters and that it only accepts letters and numbers, but no other symbols.
“Many users will choose short and easily guessable passwords,” commented Amit Sethi, a security consultant at Synopsys.
“Moreover, users that want to use strong passwords cannot do so.”
According to the Canadian government’s own cyber-security advice, all passwords should “include at least one character that isn’t a letter or number” and be a minimum length of eight characters.
The firm said it has adopted “improved password guidelines”.
