Skip to main content

Infected online chat service stole payment info at Best Buy, Delta, Sears, more

Online chat service provider [24]7.ai, used by Delta, Best Buy, and numerous other companies faced a “cyber incident” from September 26 to October 12, 2017. The company didn’t notify its list of clients until last month, stating that hackers may have accessed “certain customer payment information.” SkyMiles, personal data, passport details, and other similar information was not compromised. 

In response, Delta said it took immediate action to assess the possible damage. 

“Delta immediately began working with [24]7.ai to understand any potential impact the incident had on Delta customers, delta.com, or any Delta computer system,” Delta stated. “We also engaged federal law enforcement and forensic teams and have confirmed that the incident was resolved by [24]7.ai last October.” 

[24]7.ai discovered malware collecting payment information in its software on October 12, 2017. The chat service provider implemented a fix immediately, and then conducted an internal investigation with forensics and law enforcement between November 2017 and March 2018. Delta didn’t know about the incident until March 28 and removed the chat tool from its website the next day. Both [24]7.ai and Delta informed the public on April 4. 

The hack possibly affects only a “small subset” of Delta’s customers, but the company can’t confirm if customer data was actually accessed by hackers and compromised. The investigation is ongoing, thus Delta launched a dedicated website to provide the latest developments in the [24]7.ai attack. 

Delta’s site specifically states that malware present in software used by [24]7.ai potentially exposed payment information of several hundred thousand customers using Delta’s PC-accessed website. Even more, customers didn’t have to interact with the chat tool to be hit by the hack. The attack did not affect the Fly Delta app, the mobile website, or Delta’s computers. 

So what did the hackers obtain? Customer names, addresses, payment card numbers, CVV numbers, and expiration dates. Customers who used the Delta Wallet service weren’t affected, as the malware could only grab information entered on the screen. Delta Wallet “masks” this sensitive information. 

“Delta will be working diligently to directly contact customers, including by first-class postal mail, who may have been impacted by the [24]7.ai cyber incident,” Delta states. “Delta will also launch a dedicated phone line and website for the small subset of customers who were impacted so we can address their concerns.” 

Other companies affected by the [24]7.ai cyber incident include Best Buy, Sears Holdings Corp., and more. Sears said it wasn’t notified of the breach until mid-March and believes that the hack affected less than 100,000 customers. Upon notification, Sears informed credit card companies to prevent possible fraud. 

“Customers using a Sears-branded credit card were not impacted,” the company states in a blog. “In addition, there is no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible. [24]7.ai has assured us that their systems are now secure.” 

Best Buy says only a small fraction of its online customer population “could have been caught up in this [24]7.ai incident, whether or not they used the chat function.” 

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
How to download a video from Facebook
An elderly person holding a phone.

Facebook is a great place for sharing photos, videos, and other media with friends and family. But what if you’d like to download a video to store offline? This means you’d be able to watch the clip on your PC or mobile device, without needing to be connected to the internet. Fortunately, there’s a way to download Facebook videos to your everyday gadgets, although it’s not as straightforward a process as it could be.

Read more
How to delete your Gmail account (and what you need to know)
The top corner of Gmail on a laptop screen.

Is it time to part ways with your Gmail account? Whether you’re moving onto greener email pastures, or you want to start fresh with a new Gmail address, deleting your old Gmail account is something anyone can do. Of course, we’re not just going to bid you farewell without a guide all our own. If you need to delete your Gmail account, we hope these step-by-step instructions will make the process even easier.

Read more
How to change margins in Google Docs
Laptop Working from Home

You may find that Google Docs has a UI that is almost too clean. It can be difficult to find basic things you're used to, such as margin settings. Don't worry, though, you can change margins in Google Docs just like with any other word processor through a couple of different means.

Read more