perspective view of jet airliner in flight with bokeh background

JetBlue forces users to change passwords

New York-based airline JetBlue recently required many of its customers to reset their account passwords. But, unfortunately, they didn’t do a great job of explaining what was happening, or why, to those affected. This led to some concerns about whether an undisclosed data breach had occurred, although JetBlue said this wasn’t the case.

What happened?

If a customer hadn’t created their account or changed their password in the past 18 months, they were greeted with a message saying: “Either your username or password is incorrect. If your password was created before Jul 31 2020 please set a new one by selecting ‘Reset password’ below.”

Hitting that option then brought customers to another screen, where they were asked to set a password and given the relatively typical guidance around what it should and shouldn’t include.

JetBlue moved to calm fears of a data breach by explaining the changes were necessary due to a previous IT migration. But, apparently, no one at JetBlue thought simply emailing affected customers and telling them they’d need to change their passwords was necessary or a good idea!

A JetBlue statement said: “In 2020, JetBlue updated our cybersecurity account management tools with a more secure log-in provider and, with that, updated to a new password policy for customers creating accounts or resetting passwords. While the system change that added this new authentication provider was completed in 2020, we phased in forcing password updates in order to limit the impact to traveling customers.”

Old passwords compliant with new policy still required a reset

Another source of confusion and inconvenience was that even passwords created before 31st July 2020 that were compliant with the new policy still needed an update.

However, the more significant issue, in this case, was the lack of communication from JetBlue.

With cybersecurity in focus like never before, it’s vital that communicating with customers is part of any business’ strategy for managing and strengthening their systems.


Get in Touch

Fill in the form below to tell us your details, and we’ll get started.