FlightAware Confirmed Data Breach Happened Due To Configuration Error

The popular flight-tracking tool FlightAware has alerted users about a data breach that has been ongoing for several years. FlightAware cited a configuration error as the reason behind the security lapse.

FlightAware Data Breach Spans Across Several Years

Reportedly, FlightAware recently discovered a data breach involving the personal information of its customers. Following this discovery and the subsequent remediation of the security flaw, the service has now disclosed the incident information publicly.

According to its breach notification, the service detected a configuration error on July 25th, 2024, which exposed account details of FlightAware customers. These details include users’ account passwords, email addresses, and user IDs.

Depending on how much information users had shared with the service, the exposure also put their other personal data at risk. The breached data includes users’ names, shipping addresses, contact numbers, birth dates, billing information, credit card details, and associated social media accounts. Moreover, according to the notification, the breached data also includes users’ account activity details, aircraft owned, pilot status, and industry.

While these details already indicate the massive impact of this data breach for FlightAware users, the firm shared some more information in a separate notice to the Office of the Attorney General, State of California Department of Justice. As stated there, the breach happened on January 1, 2021, exposing users’ details, which also included their Social Security Numbers, for several years.

Users Asked To Reset Passwords

FlightAware remedied the configuration error upon discovering the breach to stop the data exposure. However, out of caution, the service also reset users’ passwords to prevent potential unauthorized access.

FlightAware also recommends that users take adequate measures to protect their personal information from potential misuse and identity theft. These measures include a proactive review of bank account statements and credit reviews, prompt reports to the FTC and law enforcement agencies regarding any fraudulent activities, and obtaining credit reports from the relevant services, such as Equifax or Experian, for a comprehensive review.

As compensation, the flight-tracking service also offers affected customers a two-year credit monitoring service free of cost.
