MyVikingJourney site hacked?

Viking's My Viking Jouney website has been down all day.

When I tried again a few minutes ago, Google gave me a warning that the site is not secure and the HTTPS certificate is expired:

Your connection is not private

 

Attackers might be trying to steal your information from www.myvikingjourney.com (for example, passwords, messages, or credit cards).

 

NET::ERR_CERT_DATE_INVALID

Note that this is not the regular website but the one used for people with current booked reservations and contains all their personal travel information as well as booked tours, airline reservation booking numbers, passport information, etc.

I just checked and am getting the same message. We leave in less than a week, so hopefully Viking gets their system back together before then. I'm not going to even think about the possibility that our information has been compromised so close to our trip.

Interestingly, I just checked my booking and saw the same message. I called Viking and in response to my very specific question on whether the site has been hacked the agent told me it has not been hacked and is simply down for maintenance and all should be back up this evening. I hope that is the case but I will be checking first thing in the morning and hope I won't have to spend the day on the phone following up.

There was a big international cyberattack that is affecting a lot of different computer systems all over the world.

https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html?mcubz=1

I have no idea if Viking was a victim of this cyberattack, but that attack is what the Google message is talking about.

It's working for me right now. I didn't try it earlier today.

I was able to log in, but immediately got this error message:

Unable to load voyage

We are having difficulties loading your cruise details - please try again later or contact us to speak with a Viking representative.

Post it on Vikings Facebook page and maybe they will take it seriously

Sent from my iPhone using Forums

I don't think we need to read too much into this.

If the original message was that their SSL certificate had expired then that is enough to explain everything else.

That is quite different from the recent ransomware attacks so I certainly wouldn't suggest any connection.

SSL certificates last typically for 3 years at most, and should be renewed in a timely manner.

They are easy to renew before they expire, a little harder to renew after they expire, and irritating to change to a different provider.

Sounds like Viking, or their web services provider got it wrong and while it certainly shouldn't take this long to fix, it is better to have the site down while they do fix it.

It certainly doesn't imply they have been hacked or that there is any risk to data, just something that should have been fixed in a timely manner that wasn't.

Hi, I have just now successfully logged in to My Viking Journey as of 5pm EST on Thursday. All appears to be back to normal.

Can you access myvikingjourney if you booked through a TA or is this exclusive to bookings through Viking ?

Dear all,

We apologize for the recent interruption to My VikingJourney.

At this time, the site is back online and accessible for all voyages with the exception of the Viking Sun World Cruise.

While we hope to have all accounts back up and running shortly, we welcome World Cruise passengers to reach us at Tellus@vikingcruises.com for direct assistance booking shore excursions, dining reservations or finding cruise information.

Kind regards,

Viking Cruises

Can you access myvikingjourney if you booked through a TA or is this exclusive to bookings through Viking ?

It's for anyone with a booking.

I don't think we need to read too much into this.

 

If the original message was that their SSL certificate had expired then that is enough to explain everything else.

 

That is quite different from the recent ransomware attacks so I certainly wouldn't suggest any connection.

 

SSL certificates last typically for 3 years at most, and should be renewed in a timely manner.

 

They are easy to renew before they expire, a little harder to renew after they expire, and irritating to change to a different provider.

 

Sounds like Viking, or their web services provider got it wrong and while it certainly shouldn't take this long to fix, it is better to have the site down while they do fix it.

 

It certainly doesn't imply they have been hacked or that there is any risk to data, just something that should have been fixed in a timely manner that wasn't.

While I agree with most of what you wrote, this was something more than simple maintenance or an expired certificate. It was down for two days. I'm an IT professional who works for an international company and my responsibilities include keeping an emergency response center up and running 24/7. Disaster recovery is one areas of my expertise. The site was up periodically under SSL after about 8 hours but no data was available. Then was then taken down for at least 12 hours. My professional opinion is that they were recovering or rebuilding the site from backup. Some major event caused the disruption.

While I agree with most of what you wrote, this was something more than simple maintenance or an expired certificate. It was down for two days. I'm an IT professional who works for an international company and my responsibilities include keeping an emergency response center up and running 24/7. Disaster recovery is one areas of my expertise. The site was up periodically under SSL after about 8 hours but no data was available. Then was then taken down for at least 12 hours. My professional opinion is that they were recovering or rebuilding the site from backup. Some major event caused the disruption.

Should we be worried about our personal data (DOB, passport numbers, etc) being compromised? Would we or does Viking need to let us know if they were hacked?

If it was yesterday. They probably got hit by the cyber attack in Europe yesterday. That would depend where their site is located.

Sent from my iPad using Forums

Should we be worried about our personal data (DOB, passport numbers, etc) being compromised? Would we or does Viking need to let us know if they were hacked?

The answer to that is "It depends." There are a myriad of federal and state laws and regulations that deal with data breeches. In addition there are international concerns. For example, the EU is very protective of the personal data of its citizens and if data is moved across non-EU borders, notification is required in some instances. So depending of where the servers are physically located, what type of breach occurred, if any information was compromised, etc. it is impossible to say. Most companies have a policy of keeping any incident confidential and will only disclose it after consulting with lawyers. Remember it took years for Yahoo to disclose anything about a massive data breach. Most companies employ the old "mushroom management" principle: keep them in the dark and feed them you know what.

In case you have insomnia, read the FTC response guide of what to do in case of a data breech

The goal of this cyberattack seems to have been disrupting all kinds of companies. IF you are concerned take measures to protect your data.

IF you are concerned take measures to protect your data.

That sounds great in theory.

How exactly do I protect my "exposed" date of birth and my passport number (among other potentially compromised personal data ) if there indeed was a cyber attack on Viking?

The site was up periodically under SSL after about 8 hours but no data was available. Then was then taken down for at least 12 hours. My professional opinion is that they were recovering or rebuilding the site from backup. Some major event caused the disruption.

That major event does of course include not only an external attack, but simple internal incompetence as well of course :)

... but even if it was the result of the recent round of ransomware attacks, the primary objective of those is to deny access to the system not to steal data.

Yes, of course that doesn't mean that other attacks and objectives were not running in parallel, but the nature of these attacks prioritizes encrypting the data where it is located, not copying the data so there is a bit less need to worry as an end-user even if it was related to the other attacks and that is of course completely unconfirmed at this time...

That sounds great in theory.

How exactly do I protect my "exposed" date of birth and my passport number (among other potentially compromised personal data ) if there indeed was a cyber attack on Viking?

Even if there was an attack, there is no certainty that your data was exposed, but if it was then the usual advice remains appropriate...

... you can't do much about static data like DoB, passport numbers etc. but you can ensure that you regularly monitor credit reports and credit check requests to see if any attempts are being made to use your personal information. Irrespective of any particular incident or attack it is sensible to monitor such data anyway as you will often be completely unaware of a breach which exposes your data so don't wait to hear of such a breach just remain vigilant.

There are plenty of identity protection plans available such as lifelock, Experian, completeid, etc.

There seems to have been 2 goals of this cyberattack: ransom and disrupting businesses on a global scale. No reports so far of stolen data, but it remains to be seen.

Even if there was an attack, there is no certainty that your data was exposed, but if it was then the usual advice remains appropriate...

 

... you can't do much about static data like DoB, passport numbers etc. but you can ensure that you regularly monitor credit reports and credit check requests to see if any attempts are being made to use your personal information. Irrespective of any particular incident or attack it is sensible to monitor such data anyway as you will often be completely unaware of a breach which exposes your data so don't wait to hear of such a breach just remain vigilant.

I am certainly doing that (and have been for some time) with 2 different agencies.

Dear all,

Since yesterday’s update, all World Cruise accounts have been restored and My Viking Journey is now fully accessible.

Rest assured that the recent interruption was nothing more than an internal system error.

Thank you for the opportunity to follow-up. We look forward to cruising with you all soon!

Best regards,

Viking Cruises

Today, I have trouble getting in myVikingJourney.com, despite several attempts. Never had this problem before. Last successful attempts were two days ago. Wonder if anyone else is experiencing the same problem? Hope Viking fixes its website problem soon. When it happens, I shall download and print all important documents, so I won't get stuck last minute before getting on a plane.

A side note - After numerous failed attempts (using my iPad), I got a pop up message (that would not go away) telling me my IP address is being used by multiple other computers (serious hacking possibility and identity theft if not fixed immediately) and to call Apple tech support number 1-800-858-2160 toll free for help. I called the number, and the helper asked me to turn on my computer to type in some http://www.techsupport address. The next steps, I believe, would be to give him the control of my computer, so he would help fix my problem. An alarm immediately popped up in my mind. Being cautious, I asked for some means, so I could call or check online to confirm he was indeed from Apple Tech Support. After he gave me no direct answers, I thanked him and hung up. Next, I turned off all my devices and my router to reset, and then restarted all of them after a few minutes. No more pop up signs. However, I still cannot get in myVikingJourney.com. My suspicion is that the pop up was a scam, and I am very relieved that I did not fall for it. Just a warning to others.

It seems that when I get older and older, there are traps and scams for older people. My house phone rings many times everyday from sales and donation calls and inquiries. I ignore all of them and use my answering machine to screen calls. I rarely answer calls from my house phone, and I rely on my cell phone to get urgent calls from family and friends. Still, the loud ringing tone is very annoying, especially during my sleep hours.

Thanks for letting me vent.

Today, I have trouble getting in myVikingJourney.com, despite several attempts. Never had this problem before. Last successful attempts were two days ago. Wonder if anyone else is experiencing the same problem? Hope Viking fixes its website problem soon. When it happens, I shall download and print all important documents, so I won't get stuck last minute before getting on a plane.

 

A side note - After numerous failed attempts (using my iPad), I got a pop up message (that would not go away) telling me my IP address is being used by multiple other computers (serious hacking possibility and identity theft if not fixed immediately) and to call Apple tech support number 1-800-858-2160 toll free for help. I called the number, and the helper asked me to turn on my computer to type in some www.techsupport address. The next steps, I believe, would be to give him the control of my computer, so he would help fix my problem. An alarm immediately popped up in my mind. Being cautious, I asked for some means, so I could call or check online to confirm he was indeed from Apple Tech Support. After he gave me no direct answers, I thanked him and hung up. Next, I turned off all my devices and my router to reset, and then restarted all of them after a few minutes. No more pop up signs. However, I still cannot get in myVikingJourney.com. My suspicion is that the pop up was a scam, and I am very relieved that I did not fall for it. Just a warning to others.

 

It seems that when I get older and older, there are traps and scams for older people. My house phone rings many times everyday from sales and donation calls and inquiries. I ignore all of them and use my answering machine to screen calls. I rarely answer calls from my house phone, and I rely on my cell phone to get urgent calls from family and friends. Still, the loud ringing tone is very annoying, especially during my sleep hours.

 

Thanks for letting me vent.

I've had no issues logging into the site today. The problem is probably local to your computer.