Worldwide high-speed rail operator, Eurostar, is emailing its customers this week and forcing them to reset their account passwords in a bid to “improve” safety.

However customers who go to the password reset hyperlink  are met with “technical issues,” thereby making it unattainable for them to reset their password or log in to their accounts.

Eurostar is well-known for connecting the UK to France, Belgium, and Netherlands with most of its trains crossing the Channel Tunnel.

Eurostar password reset bug is locking passengers out

Eurostar is emailing all its prospects this week, forcing them to reset their account passwords as the railway operator claims to be “busy” upgrading account safety for everybody.

BleepingComputer additionally obtained such an electronic mail notification proven beneath:

“To proceed utilizing your Eurostar account, you may must reset your password,” reads the e-mail. “For those who additionally use the Eurostar cell app, you may must replace it to the most recent model.”

Navigating to the “reset password” hyperlink, nonetheless, and following by means of the directions doesn’t resolve something. As an alternative, customers are met with the next error message:

“Sorry, we’re having a couple of technical issues so we will not ship the e-mail in the meanwhile. Please attempt once more a bit later.”

BleepingComputer noticed the habits occurring yesterday, shortly after we examined the hyperlink within the electronic mail notification. The difficulty is persisting as we speak.

The bug has triggered elevated frustration amongst Eurostar passengers and customers world wide who are actually successfully locked out of their accounts.

Upon each profitable log in try, customers are offered with the password reset interstitial that will not allow them to entry their account till a password reset is carried out. Nevertheless, the password reset by no means takes place as a result of aforementioned technical error.

“@Eurostar find out how to inform your prospects you hate them with out saying it: lock everybody’s account and make it unattainable to reset their password,” tweets one person.

A number of different irritated customers chimed in:

Sending emails out to “pricey buyer” then sending them on a “We’re having technical difficulties Please attempt once more a bit later” loop, three days after this strikes me as a “information breach” scenario…… Can we’ve got some clarification please @Eurostar ? https://t.co/xgvYnFgooG

— Mike B. (@brooomster) February 13, 2023

We additional noticed confused prospects who panicked, mistaking Eurostar’s (reputable) electronic mail for a phishing try.

Ongoing upkeep guilty?

In a protracted Twitter thread posted Friday, Eurostar admitted being conscious of customers met with points when making an attempt to entry Membership Eurostar accounts and blamed it on ongoing upkeep. However, this was prior to the corporate sending out password reset emails.

Beforehand, prospects reported their bookings and knowledge being “lacking” from their accounts: 

We’re conscious that bookings are lacking when accessing an account however can affirm that the bookings are nonetheless there and have not been eliminated if had been beforehand within the account. The account upkeep improve nonetheless has some finalisation work to finish and bookings will present once more.

— Eurostar (@Eurostar) February 10, 2023

The railway operator, on the time, had suggested prospects to clear their browser cookies or re-attempt registration utilizing the identical electronic mail tackle. However this doesn’t appear to work as an answer for anybody [1, 2].

Eurostar final enforced a widespread password reset in 2018 when it had skilled an information breach, as reported by The Telegraph on the time.

We’re but to search out out if the pressured password reset is certainly Eurostar’s method of tightening account safety, or if the motion is prompted by a cybersecurity incident, akin to unauthorized entry to methods or an information breach.

BleepingComputer has emailed Eurostar with questions properly prematurely of publishing and we’re awaiting their response.