
FlightAware User Data Leaked Following Misconfiguration

 

FlightAware, a flight tracking company, is urging some customers to change their account login passwords after a data breach may have compromised private data. The Houston-based technology company provides both real-time and historical aircraft tracking data.

Furthermore, it is recognised as the world's largest flight-tracking platform, with a network of 32,000 Automatic Dependent Surveillance-Broadcast (ADS-B) ground stations spread across 200 nations.

However, the firm recently disclosed in a statement posted on the California Attorney General's website that it experienced a data security breach on January 1, 2021. The breach was caused by a misconfiguration.

Moreover, the company only discovered the issue on July 25, 2024, leaving private user data exposed for nearly three years. The company has yet to reveal whether the exposed data was misused or stolen while it was unprotected.

In its initial announcement, FlightAware stated that it had discovered a configuration issue that might have unintentionally exposed user IDs, passwords, and email addresses associated with accounts. Depending on whether users chose to add them to their accounts, further data categories may also have been exposed for some users, such as full names, phone numbers, IP addresses, shipping addresses, billing addresses, social network profiles, and birth dates.

Critical information may also have been compromised for certain accounts, including the last four digits of credit card numbers, pilot status, account activity (flights viewed and comments left), and Social Security Numbers (SSNs).

FlightAware said that it had rectified the configuration issue and that any account holders whose data was compromised would be advised to change their passwords when they next logged in to the platform. The company also assured all customers who received the security notification that they would be given a free two-year identity protection package, and encouraged them to report any suspicious activity to local law enforcement authorities.

Finally, potentially impacted users should be wary of unsolicited messages, since threat actors could have used the exposed data for purposes such as identity theft and phishing.

Major Data Breach at FlightAware Exposes Pilots and Users' Information

 


A popular flight tracking website accidentally exposed names, addresses, aircraft owned, pilot status, and tracked flights, as well as user data. Many users of FlightAware, a popular flight tracking application, found a surprise in their inbox on August 17, when the company sent customers a notice about a "data security incident".

The email, sent by Matt Davis, FlightAware's general manager, warned recipients that a large number of their details may have been exposed as a result of the internal incident and that they would need to reset their passwords when they next logged on. The incident may have affected thousands of Australians.

According to Davis, on July 25, 2024, the company discovered a configuration error that may have inadvertently exposed users' FlightAware account data. User IDs, login passwords, and email addresses may have been exposed. Depending on what additional information a user provided, the exposed data may also include their full name, billing address, shipping address, IP address, social media accounts, telephone number, date of birth, the last four digits of their credit card number, and their account activity.

The company will also include information regarding ownership and industry of aircraft, title and registration of aircraft, pilot status (yes/no), and account activity in its report. In addition to Davis' comments, the State Police have also stated that the configuration error has been corrected and that the notification was not delayed as a result of an investigation by the police, as had been initially stated. Neither FlightAware nor any of its representatives have said that a malicious actor accessed the data, nor have they revealed the precise period over which the data was exposed.

To the best of our knowledge, no threat actor has claimed to have accessed any of the FlightAware data at this time. According to the FlightAware website, the application is used by over 10,000 aircraft operators and aviation service providers across the world, as well as more than 13,000,000 passengers, for flight tracking services, predictive analytics, and decision-making tools. Cyber Daily, the sister publication of Australian Aviation, has contacted FlightAware for more information.