
Configuration error exposes sensitive FlightAware customer data


FlightAware, a leading flight tracking service with millions of monthly users, has come under scrutiny after revealing that a significant amount of customer data was inadvertently exposed due to a ‘configuration error.’ The incident, which the company discovered on July 25, has sparked concerns over the protection of personal information belonging to FlightAware’s users, including sensitive details such as Social Security numbers, emails, and physical addresses.

In a statement on its website, FlightAware acknowledged the error and confirmed that the compromised information includes names, email addresses, and physical addresses as well as more sensitive data like Social Security numbers, telephone numbers, and even the last four digits of users’ credit card numbers.

The breach also included data such as IP addresses, social media accounts, year of birth, information about aircraft owned, and user activity on the platform, including flights viewed and comments posted.

While the full scope of the breach remains unclear, FlightAware has taken steps to mitigate potential damage. The company has initiated a mandatory password reset for all affected users, although it has not specified whether the stored passwords were encrypted or if any additional security measures were in place.

Experts believe the data exposure was caused by a configuration mistake rather than a deliberate cyberattack. However, this does little to alleviate concerns about the safety of the compromised data.

The company has not disclosed whether it has the technical capabilities to determine if any of the exposed data was accessed or downloaded by unauthorised individuals.

Notably, the breach dates back as far as January 2021, meaning that sensitive customer information may have been vulnerable for over three years before the error was discovered.

Despite the gravity of the situation, FlightAware has yet to provide details on the number of users affected or the specific cause of the configuration error.

The company has maintained a silence on the issue. However, as TechCrunch points out, FlightAware boasts over 10 million monthly users, and the potential impact of this data exposure could be significant, leaving many customers questioning the platform’s commitment to safeguarding their personal information.

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
