FlightAware, a flight tracking platform, urges some users to reset their account login passwords after a data breach may have exposed their data.
This tech company in Houston delivers both real-time and historical aircraft tracking data. Moreover, it is regarded as the world’s largest flight-tracking platform, with a network of 32,000 Automatic Dependent Surveillance-Broadcast (ADS-B) ground stations across 200 countries.
However, the corporation recently revealed in a statement on the California Attorney General’s website that it suffered a data security breach on January 1, 2021. The cause of the breach was a misconfiguration: a setup error.
Moreover, the company only detected the error on July 25, 2024, leaving personal user information exposed for about three years. As of now, the company has yet to disclose whether the exposed data was misused or compromised during the three years it was unprotected.
FlightAware accidentally exposed the personal information of their users’ accounts.
According to the initial announcement, FlightAware explained that it found a setup issue that may have inadvertently leaked personal data from user accounts, such as user IDs, passwords, and email addresses.
Data categories such as full names, billing addresses, shipping addresses, IP addresses, social media accounts, telephone numbers, and birth dates may have been impacted for some users, depending on whether they chose to add them to their accounts.
Furthermore, critical details like the last four digits of credit card numbers, pilot status, account activity (flights watched and comments posted), and Social Security Number (SSN) might also be subject to compromise for some accounts.
FlightAware stated that it has resolved the configuration problem and that all account holders whose data has been compromised would be instructed to change their passwords upon their next login to the platform.
The company also assured all customers who received the security issue notification that they would be provided with a free two-year identity protection plan and urged them to report suspicious activities to local law enforcement authorities.
Lastly, this inadvertent data leak means that potentially affected users should be cautious with unsolicited communications. Threat actors could have acquired the exposed data for malicious activities, like identity theft and phishing.