FlightAware Data Leak Exposes Users' Personal Information

The everyday flight-monitoring web page FlightAware stumbled on a configuration error that exposed the peaceable personal files of its users.

The guidelines leak included particular person IDs, passwords, and electronic mail addresses, and reckoning on the files equipped by users may per chance well honest acquire also exposed pudgy names, billing and transport addresses, IP addresses, social media accounts, cellular phone numbers, birth years, partial bank card numbers, airplane ownership particulars, enterprise, title, pilot speak, and fable job equivalent to flights considered and feedback posted.

The guidelines leak doubtlessly impacts all FlightAware users who had accounts between January 1, 2021, and July 25, 2024. FlightAware has no longer disclosed the right kind possibility of impacted folk. Nonetheless, as a precaution, the company requires all doubtlessly affected users to reset their passwords.

Upon discovering the exposure, FlightAware said they straight away mounted the configuration error. The corporate started notifying impacted users by device of electronic mail on August 15, 2024. In the breach notification, FlightAware presents affected folk with particulars on the right kind sorts of non-public files exposed and offers 24 months of complimentary credit rating monitoring companies and products.

FlightAware users are instructed to:

• Reset passwords on their FlightAware fable besides to every other accounts the exhaust of the the same password.
• Alternate passwords to linked social media accounts that can per chance well acquire been exposed.
• Possess in thoughts the exhaust of a password supervisor to construct and store solid, novel passwords for every fable.
• Computer screen credit rating reviews and monetary accounts for suspicious job.
• Recount their monetary institution about the functionality bank card files exposure and demand a recent card number.

Some users acquire expressed frustration about having to pay for a carrier entirely to acquire their files breached. There are also considerations about FlightAware’s files safety practices, with some speculating that passwords may per chance well honest acquire been saved in terrifying text.

Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Acces