American Airlines has sued the nonprofit Joomla, which
provides web publishing software, and web host Cloud Access, for allegedly allowing fraudsters to use "American Airlines" in a domain name, in order to trick consumers into providing sensitive
data.
“Joomla allowed a user to sign up for a free website, create a subdomain 'americanairlines,' and hosted a website at that subdomain (<americanairlines.joomla.com>),”
the airlines alleges in an amended complaint filed Tuesday in U.S. District Court for the Southern District of New York.
“Joomla did not verify whether the person creating the free
account was affiliated with American, and had Joomla made any effort to do so, would have quickly realized that the person creating the account was not affiliated with American,” the airline
adds.
The site, hosted by Cloud Access, gathered usernames, passwords and email addresses, according to the complaint.
“This information collected from consumers is used to
commit other crimes and frauds, including but not limited to, gaining unauthorized access to the consumers’ social media accounts, bank accounts, credit history, and other personal accounts that
may use similar usernames or passwords,” the lawsuit alleges.
American also says notified Joomla and CloudAccess about the site, and requested that it be disabled. Neither responded,
according to the lawsuit.
By Wednesday afternoon the site had been shuttered and visitors were greeted with a message warning of fraud.
Claims in the airline's complaint include
include trademark infringement and cyberpiracy.
The company is seeking monetary damages and a court order prohibiting Joomla and Cloud Access from using the American Airlines brand in domain
names, or enabling others to do so.