Air Canada locked down 1.7 million user accounts forcing customers to change passwords used to access online and app services due to a data breach that left 20,000 users data vulnerable to hackers.

Air Canada detected unusual login activity between Aug. 22 and Aug. 24, and tried to block the hacking attempt, locking the app accounts as an additional measure, according to a notice on its website.

After a series of data breaches taking place in the past year, companies are still careless with their security and customers are the ones that end up having to deal with the breach.

Amit Sethi, senior principal consultant at Synopsys, said: "There is simply no excuse for organisations to still be relying solely on passwords for authentication. In this case, the hack might have been related to the Air Canada mobile app. Everyone that uses a mobile app has a mobile device that they can use to enroll in several types of multi-factor authentication.

Air Canada says that Aeroplan numbers, passport numbers, birth dates, nationalities and countries of residence could have been accessed if users saved them in their account profile. Credit card information, they say, is encrypted, so it is supposedly protected.