Flightradar24 Hacked – User Password Hashes and Emails Compromised

The recent data breach confirms no one in the corporate sector is safe from hacking attempts and data breaches. According to the latest report, the global flight tracking company Flightradar24 faced a data breach. The leaked data may contain email addresses and hashed passwords of users. The company has asked all its users to change their login credentials.

Some Data Compromised As Flightradar24 Faced Data Breach

A few days ago, customers of Flightradar24 began receiving emails asking them to change passwords through a link. The email said that Flightradar24 faced a data breach in which some email addresses and hashed passwords may have been leaked. These emails created a panic among users. They sought to confirm the news from officials through various mediums. However, to their dismay, the officials confirmed the news.

One such user tweeted about it with a screenshot of the email. Later on, Flightradar24 confirmed the authenticity of the emails in their reply.

Users also approached them on their official forum, since there was no official news from Flightradar24 about the incident. However, they confirmed the data breach on their forum in a detailed manner.

“We can confirm that the email some of our users received in regards to a security breach has been sent by us. The security breach may have compromised the email addresses and hashed passwords for a small subset of Flightradar24 users (those who registered prior to March 16, 2016). We would like to apologize that this breach occurred and for the inconvenience this may cause.”

Although the breached data may only contain hashed passwords, the company recommended their users to change passwords since an old hashing algorithm was used, therefore the hackers may find them easy to crack.

The Company Confirms Shutting Down The Affected Server

Fortunately, the firm was quick to notice the breach on one of its servers, after which it swiftly shut it down. Consequently, the details of only ‘a small subset’ of users may have leaked. The majority of users are supposedly safe. The company then sent emails to the affected users asking them to change their passwords.

Furthermore, the officials assure that the leaked data contained no personal or payment information. As stated in their website forum by one of their staffers,

“We would also like to stress that we’ve no indication any of personal information was compromised. An email has been sent to users with affected accounts.
Please note that no payment information has been compromised. Flightradar24 neither handles nor stores payment information.
We recommend to change the password for your FR24 account. In case you’ve used the same password anywhere else, we strongly suggest you update it there as well.”

The firm has revealed no further details about how the incident happened. Yet, they swiftly reported the incident to the Swedish Data Protection Authority as part of their compliance with EU’s GDPR.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil