FlightAware configuration error leaked consumer knowledge for years

Flight monitoring platform FlightAware is asking some customers to reset their account login passwords due to a knowledge safety incident which will have uncovered private info.

The expertise firm relies in Houston, Texas and gives real-time in addition to historic flight monitoring knowledge. FlightAware is taken into account the world’s largest flight-tracking platform with a community of 32,000 Computerized Dependent Surveillance-Broadcast (ADS-B) floor stations in 200 nations.

In a notification on the web site of California’s Workplace of the Lawyer Normal, the firm informs that the date of the information safety incident is January 1, 2021 and the trigger was a configuration error.

The error was found on July 25, 2024, leaving private consumer info uncovered for greater than three years. It’s unclear if any of the information has been compromised.

“On July 25, 2024, we discovered a configuration error that may have inadvertently exposed your personal information in your FlightAware account, including user ID, password, and email address,” reads the discover.

Moreover, the next knowledge sorts might have been compromised for some customers, relying on whether or not folks opted so as to add them on their accounts:

  • Full identify
  • Billing handle
  • Delivery handle
  • IP handle
  • Social media account
  • Phone quantity
  • 12 months of delivery
  • Final 4 digits of bank card quantity
  • Details about plane owned
  • Pilot standing
  • Business and title
  • Account exercise (together with flights seen and feedback posted)
  • Social Safety quantity (SSN)

FlightAware stated that the configuration error has been remediated now, and all account holders whose knowledge has been uncovered will probably be prompted to reset their passwords on their subsequent login to the platform.

“Out of an abundance of caution, we are also requiring all potentially impacted users to reset their password. You will be prompted to do so at your next log-in to FlightAware.” – FlightAware

The service additionally gives a devoted web page for the customers that need to reset their account password instantly, out there right here.

All customers receiving the information safety incident notification are supplied a free-of-charge 24-month id safety bundle by way of Equifax and are suggested to report suspicious exercise to their native regulation enforcement authorities.

Any consumer counting on the identical credentials for logging into different on-line platforms ought to reset them there too as quickly as potential to mitigate the danger of account hijacking by way of credential stuffing assaults.

BleepingComputer has requested FlightAware if they’ve proof of unauthorized entry and the variety of impacted customers, and we are going to replace this put up after we hear again.

Recent articles

Hackers Use Microsoft MSC Information to Deploy Obfuscated Backdoor in Pakistan Assaults

Dec 17, 2024Ravie LakshmananCyber Assault / Malware A brand new...

INTERPOL Pushes for

Dec 18, 2024Ravie LakshmananCyber Fraud / Social engineering INTERPOL is...

Patch Alert: Essential Apache Struts Flaw Discovered, Exploitation Makes an attempt Detected

Dec 18, 2024Ravie LakshmananCyber Assault / Vulnerability Risk actors are...