Continental rail service Eurostar has been contacting customers with online accounts to ask them to reset their passwords as it works to improve the security of its users.
However, technical issues prevented users from resetting or even logging into their accounts, effectively locking them out entirely.
The official Eurostar email to customers states that in order to continue using their account they will have to reset their password, followed by a link to a page where they can do this.
The problem is, clicking this link and starting the process throws this error message from the site: “Sorry, we’re experiencing some technical difficulties, so we’re currently unable to send the email. Please try again later.”
Potential security breach?
When customers keep trying to enter their account, they get a password reset prompt, which then results in the aforementioned technical error message, so they get stuck in this unsolvable loop and can’t access their account at all.
Another Twitter user speculated the bug sounded like a “data breach situation,” and others Suspect (opens in a new tab) Because of the link, the official email they received was a phishing scam rather than addressing them by name.
Another debacle at the rail operator came on the heels of a complete disappearance of Eurostar club membership bookings on Friday, but it Rest assured customer (opens in a new tab) The booking is still in their system – it’s just not visible to the user.
To address this issue, the company suggestion (opens in a new tab) “If you are unable to access your account, please clear the cookies from your device and reset your password. If you did not receive the reset password link, please register again using the same email address as your account.”
However, some customers responded that these solutions did not work for them, and given the recent password reset issues, neither did this part of the advice.
BleepingComputer could not confirm whether the technical issue was caused by a security incident, and when they sought comment, a Eurostar spokesperson responded with the following statement:
“Following an update to our customer authentication system, we contacted our customers to reset their passwords. The sudden influx of customers attempting to do so has caused some technical difficulties and we are working to resolve this as soon as possible. To you We apologize for the inconvenience caused.”