This post was originally published on this site
FlightAware, a flight tracking site, has blamed an “error in configuration” for exposing personal information about its customers. This includes some of their Social Security Numbers.
The company, which claims it is one of the largest aggregators for flight data, stated on its website, that they identified the unspecified mistake on July 25. This exposed names, emails addresses, and other information depending on the information users provided.
FlightAware stated that the exposed data included “billing address and shipping address, IP addresses, social media accounts and telephone numbers, your year of birth and last four digits on your credit card, information about aircraft, industry, title and pilot status (yes/no), as well as your account activity, such as flights viewed and posts.
FlightAware reported that in an additional notice filed with California’s Attorney General’s Office, it found that passwords and Social Security Numbers were also exposed.
The company has now instructed all affected users that they must reset their passwords. FlightAware doesn’t say in its notice whether or how passwords stored by customers are scrambled.
The notice filed with state states that the breach dates back to January 2021, more than three years ago.
The company’s description suggests a mistake by the company, not a malicious cyberattack.
FlightAware admits that customer data has been exposed. However, it is not known who accessed or exfiltrated this data. It is also unknown if the company possesses the technical means to determine whether anyone downloaded customer data.
FlightAware spokesperson Kathleen Bangs has not responded to requests for comments, nor revealed how many customers were affected.
FlightAware states on their website, that they have more than 10 millions monthly users.
