Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Cyber exposes. Show all posts

Major Data Breach at FlightAware Exposes Pilots and Users' Information

 


A popular flight tracking website accidentally exposed names, addresses, aircraft owned, pilot status, and tracked flights, as well as user data. There was a surprise in the inbox of many users of FlightAware, a popular flight tracking application, on August 17, when the company sent a notice to its customers as a result of a "data security incident" that occurred. 

The email has been sent by Matt Davis, FlightAware's general manager, warning its recipients that a vast number of their details may have been exposed as a result of the internal incident and that they will need to reset their passwords when they log on again. There is a possibility that the incident may have had a detrimental effect on thousands of Australians. 

According to Davis, on the 25th of July, 2024, it was discovered that there was an error with the configuration of users' FlightAware accounts that may have caused users' data to be exposed inadvertently. User ID, login password, and email address may have been exposed inadvertently. If the user provides any additional information about themselves, it may include such information as their full name, billing address, shipping address, IP address, social media accounts, telephone number, date of birth, the last four digits of their credit card number, and their account activity, depending on the information they provide. 

The company will also include information regarding ownership and industry of aircraft, title and registration of aircraft, pilot status (yes/no), and their account activity in its report. As an addition to Davis' comments, the State Police have also stated that the configuration error has been corrected and that the notification was not delayed as a result of an investigation by the police, as had been initially stated. Neither FlightAware nor any of its representatives have said that a malicious actor accessed the data, nor have they revealed the precise period over which the data was exposed. 

To the best of our knowledge, no threat actor has claimed to have accessed any of the FlightAware data at this time. The FlightAware website claims that the application is employed by over 10,000 aircraft operators and providers of aviation services across the world, as well as more than 13,000,000 passengers, to supply them with flight tracking services, predictive analytics, and decision-making tools around the world. The sister publication of Australian Aviation, Cyber Daily, has contacted FlightAware in order to find out more information.