Article Details
Scrape Timestamp (UTC): 2024-08-19 14:09:11.935
Original Article Text
FlightAware configuration error leaked user data for years.
Flight tracking platform FlightAware is asking some users to reset their account login passwords due to a data security incident that may have exposed personal information.
The technology company is based in Houston, Texas, and provides real-time as well as historical flight tracking data. FlightAware is considered the world's largest flight-tracking platform, with a network of 32,000 Automatic Dependent Surveillance-Broadcast (ADS-B) ground stations in 200 countries.
In a notification on the website of California's Office of the Attorney General, the company states that the date of the data security incident is January 1, 2021, and that the cause was a configuration error. The error was discovered on July 25, 2024, leaving personal user information exposed for more than three years. It is unclear if any of the data has been compromised.
“On July 25, 2024, we discovered a configuration error that may have inadvertently exposed your personal information in your FlightAware account, including user ID, password, and email address,” reads the notice.
Additionally, the following data types may have been compromised for some users, depending on whether people opted to add them to their accounts:
FlightAware said that the configuration error has now been remediated, and all account holders whose data has been exposed will be prompted to reset their passwords on their next login to the platform.
“Out of an abundance of caution, we are also requiring all potentially impacted users to reset their password. You will be prompted to do so at your next log-in to FlightAware.” – FlightAware
The service also provides a dedicated page for users who want to reset their account password immediately, available here.
All users receiving the data security incident notification are offered a free-of-charge 24-month identity protection package through Equifax and are advised to report suspicious activity to their local law enforcement authorities.
Any user relying on the same credentials for logging into other online platforms should reset them there too as soon as possible to mitigate the risk of account hijacking via credential stuffing attacks.
BleepingComputer has asked FlightAware if they have evidence of unauthorized access and the number of impacted users, and we will update this post when we hear back.
Daily Brief Summary
FlightAware, a global flight tracking platform, experienced a data security incident due to a configuration error, leaving user data vulnerable since January 1, 2021.
The configuration error was identified on July 25, 2024, exposing sensitive information such as user IDs, passwords, and email addresses for over three years.
It remains uncertain whether any of the exposed user data was actually accessed or misused by unauthorized parties.
Affected users are being instructed to reset their passwords, and they are prompted to do so upon next login.
FlightAware has addressed the configuration flaw and assures users that the issue has been remediated.
All users receiving the notification about the data breach are offered two years of free identity protection from Equifax.
The company advises users to change similar login credentials on other sites to prevent potential credential stuffing attacks.
FlightAware has not confirmed the total number of users impacted but has expressed commitment to updating the public as more information becomes available.