FlightAware admits customer data has been exposed for years

21 Aug 2024

Image: © REC and ROLL/Stock.adobe.com

The company did not specify how many customers were impacted by the error, but the exposed data includes names, social security numbers and addresses.

Flight tracking site FlightAware has warned customers that their data may have been exposed for years due to a “configuration error”.

FlightAware said in a written statement that it discovered the error on 25 July and that it may have exposed the personal information on FlightAware accounts, including user IDs, passwords and email addresses.

Depending on the information shared by specific users, the potentially exposed data also includes social security numbers, full names, billing addresses, IP addresses, social media accounts, telephone numbers and the last four digits of credit card numbers.

In a filing with the US State of California, FlightAware said the breach dates back to the start of 2021. The company said it “immediately” fixed the configuration error as soon as it was discovered and is requiring all potentially impacted customers to reset their passwords.

The company did not specify if anybody accessed or stole the exposed customer data. It also did not respond to requests for comment from TechCrunch about how many customers were impacted. FlightAware says its services support more than 13m aircraft passengers around the world.

FlightAware said it is offering impacted customers “comprehensive credit monitoring services for two years” for free as a precautionary measure. Impacted customers will receive instructions on how to activate this service.

While the threat of cyberattacks remains a constant threat to peoples’ data, sometimes incidents can simply be the result of errors. In 2022,  around 77TB of research files were lost at Kyoto University after a supercomputer software update caused a malfunction.

Recently, airlines and other sectors around the world were severely disrupted by a CrowdStrike outage, when an update caused Windows devices to shut down completely.

Earlier this year, Kyndryl’s Kris Lovejoy explained how various cyberattacks can be linked back to human error and the growing impact of AI in cybersecurity.

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com