A configuration error was identified as the cause of a breach on flight monitoring website FlightAware that compromised sensitive data including some users’ Social Security numbers and private information.
The self-proclaimed leading flight information aggregator acknowledged an unidentified issue on July 25, revealing personal details such as names, email addresses, and other data points based on user submissions.
According to FlightAware, the exposed data encompasses a comprehensive array of sensitive information, including “billing handle,” “delivery handle,” IP address, social media accounts, phone numbers, year of birth, final four digits of one’s bank card number, details about planes owned or traded, pilot status (yes/no), and account activity such as flight views and feedback posted.
Following an investigation by FlightAware in collaboration with California’s legal professionals, it was revealed that sensitive information such as passwords and Social Security numbers were also compromised.
As a precautionary measure, the corporation is mandating that all users impacted by this issue reconfigure their login credentials. FlightAware doesn’t explicitly reveal whether client-stored passwords are encrypted or not, nor does it provide details on the level of encryption used, leaving uncertainty regarding the security measures in place.
The discovery was filed with the state, revealing a breach that occurred as far back as January 2021, a period of nearly three and a half years ago?
The corporation’s description of a configuration error suggests an administrative blunder rather than a deliberate cyber assault.
Although FlightAware acknowledges that customer data was compromised, it remains unclear whether anyone accessed or extracted the sensitive information, or if the company possesses the necessary technical capabilities, such as logs, to determine if any unauthorized downloads occurred.
A FlightAware spokesperson, Kathleen Bangs, declined to comment on the matter, and the company did not provide information on the number of customers impacted.
According to FlightAware, its customer base exceeds 10 million subscribers on a monthly basis.
