FlightAware, a flight tracking company, urges some customers to change their account login passwords after a data breach may have compromised private data. This Houston-based technology company provides aircraft tracking data in both real time and historical format.
Furthermore, it is recognised as the world's largest flight-tracking platform, with a network of 32,000 Automatic Dependent Surveillance-Broadcast (ADS-B) ground stations spread across 200 nations.
However, the firm recently disclosed in a statement posted on the California Attorney General's website that it experienced a data security breach on January 1, 2021. The breach was triggered by a misconfiguration that led to a setup error.
Moreover, the company only discovered the issue on July 25, 2024, exposing private user data for nearly three years. As of now, the company has yet to reveal whether the exposed data was misused or stolen during its unprotected state for three years.
In their initial announcement, FlightAware stated that they had discovered a setup issue that might have unintentionally exposed user IDs, passwords, and email addresses associated with their accounts.
Whether or not users chose to add certain data categories to their accounts—such as full names, phone numbers, IP addresses, shipping addresses, billing addresses, social network profiles, and birth dates—may have had an influence on some users.
Critical information may also be compromised for certain accounts, including the last four digits of your credit card numbers, the status of the pilot, account activity (flights seen and comments left), and your Social Security Number (SSN).
FlightAware, on the other hand, claimed that they had rectified the configuration issue and that any account holders whose data was compromised would be advised to change their passwords when they logged back into the platform. The company also assured all clients who got the security issue notification that they would be given a free two-year identity protection package and encouraged them to report any suspicious activity to local law enforcement authorities.
Finally, the discovery of this unintentional data breach suggests that potentially impacted users should be wary of unwanted mailings. Threat actors could have used the exposed data for nefarious purposes such as identity theft and phishing.