Flight monitoring platform FlightAware is asking some customers to reset their account login passwords due to a knowledge security incident that will have uncovered private data.
The know-how firm is predicated in Houston, Texas and supplies real-time in addition to historic flight monitoring information. FlightAware is taken into account the world’s largest flight-tracking platform with a community of 32,000 Automated Dependent Surveillance-Broadcast (ADS-B) floor stations in 200 nations.
In a notification on the web site of California’s Workplace of the Lawyer Common, the corporate informs that the date of the info security incident is January 1, 2021 and the trigger was a configuration error.
The error was found on July 25, 2024, leaving private person data uncovered for greater than three years. It’s unclear if any of the info has been compromised.
“On July 25, 2024, we found a configuration error that will have inadvertently uncovered your private data in your FlightAware account, together with person ID, password, and e mail deal with,” reads the discover.
Moreover, the next information varieties could have been compromised for some customers, relying on whether or not individuals opted so as to add them on their accounts:
- Full title
- Billing deal with
- Transport deal with
- IP deal with
- Social media account
- Phone quantity
- Yr of delivery
- Final 4 digits of bank card quantity
- Details about plane owned
- Pilot standing
- Trade and title
- Account exercise (together with flights considered and feedback posted)
- Social Safety quantity (SSN)
FlightAware mentioned that the configuration error has been remediated now, and all account holders whose information has been uncovered might be prompted to reset their passwords on their subsequent login to the platform.
“Out of an abundance of warning, we’re additionally requiring all doubtlessly impacted customers to reset their password. You may be prompted to take action at your subsequent log-in to FlightAware.” – FlightAware
The service additionally supplies a devoted web page for the customers that wish to reset their account password instantly, accessible right here.
All customers receiving the info security incident notification are provided a free-of-charge 24-month identification safety bundle via Equifax and are suggested to report suspicious exercise to their native legislation enforcement authorities.
Any person counting on the identical credentials for logging into different on-line platforms ought to reset them there too as quickly as doable to mitigate the chance of account hijacking by way of credential stuffing assaults.
BleepingComputer has requested FlightAware if they’ve proof of unauthorized entry and the variety of impacted customers, and we are going to replace this publish after we hear again.
