Continental rail service Eurostar has contacted customers with online accounts, asking them to reset their passwords as the company works to improve user security.
However, technical issues have left users unable to reset them or even log into their accounts, effectively locking them out entirely.
The official email from Eurostar to customers says that to continue using their account they must reset their passwords, followed by a link to the page where they can do this.
The problem is that if you follow this link and start the process, you get this error message from the website: “Sorry, we’re having some technical issues, so we can’t send the email at the moment. Please try again later.”
A potential security breach?
BleepingComputer (opens in a new tab) recently tested the problem and found that it has continued to persist. Customers are understandably frustrated, and some vent their anger Social Media (opens in a new tab).
When customers continue to try to access their account, they are faced with the password reset question, which then results in the aforementioned technical error message, leaving them trapped in this unbreakable loop and unable to access their accounts at all taken.
Another twitter user speculated that this failure sounded like a “data breach situation,” and others suspect (opens in a new tab) the official email they received as a phishing scam due to the presence of the link and did not address them by name.
This debacle follows on the heels of another at the rail operator, since last Friday there were problems with Club Eurostar members having their bookings completely disappear, but it secure customers (opens in a new tab) that the orders were still on the system – just not visible to the users.
On this question, the company the council (opens in a new tab) “If you cannot access your account, please remove the cookies from your device and reset your password. If you do not receive the password reset link, please register again with the same email address used for your account.”
However, some customers responded to say that these solutions didn’t work for them, and given the recent password reset issue, this part of the advice doesn’t work either.
BleepingComputer could not confirm whether the technical issues were due to a security incident, and when reached for comment, a Eurostar spokesperson responded with the following statement:
“Our customers were contacted to reset their password following an update to our customer authentication system. The sudden number of customers attempting to do this caused some technical issues and we are working to resolve this as soon as possible. We apologize for any inconvenience this may have caused . has caused.”