FlightAware Customer Data Left Exposed for Over Three Years

Information of 12 million customers that may be compromised includes Social Security Numbers and addresses.

The world’s largest flight-tracking platform FlightAware has recently warned customers that their personal data has been exposed since 2021, because of a rare “configuration error”.

According to FlightAware’s written statement, the company only discovered the issue on July 25, and sensitive information could include email addresses and passwords, as well as personally identifiable information (PII) like full names, years of birth and Social Security Numbers.

It’s unknown whether the exposed data has been stolen or compromised, and how many users have been affected. Yet, with FlightAware having 12 million registered users, the extent of the incident could be pretty widespread. If you think you could have been affected, we also explain what steps you can take to steer clear of phishing attempts and identity fraud.

Flight-Not-So-Aware Notifies Users of Major Data Security Incident

If you’re one of FlightAware’s customers, you might have been asked to reset your account login and password due to a significant 2021 data incident that’s recently been identified by the company.

The popular flight-tracking company, which is based in Houston, Texas, recently released a statement notifying its users about security concerns, and requesting them to reset login details the next time they logged into the flight tracker.

 


The statement explained that on July 25, 2024, FlightAware discovered a configuration error that may have “inadvertently exposed” personal data in users’ FlightAware accounts. The reason for the error is unknown, but the company has confirmed the incident took place in 2021, leaving consumer data vulnerable for over three and a half years.

“FlightAware values your privacy and deeply regrets that this incident occurred. Once we discovered the exposure, we immediately remedied the configuration error. Out of an abundance of caution, we are also requiring all potentially impacted users to reset their password.” - Statement from FlightAware

FlightAware apologized for the incident and has apparently remedied the situation. However, with lots of details being kept under wraps while the case is investigated, the full impact of the error is still yet to be determined.

What Type of Data Was Compromised?

According to FlightAware’s official notification, the data exposed in the event includes account information such as user IDs, passwords, and email addresses. However, depending on what information you entered into your account, it is possible that the following types of information have been compromised too:

  • Full name
  • Billing address
  • Shipping address
  • IP address
  • Social media accounts
  • Telephone numbers
  • Year of birth
  • The last four digits of your credit card number
  • Information about aircraft owned
  • Job title/industry
  • Pilot status (yes/no)
  • Your account activity (such as flights viewed and comments posted)

While any type of leaked personal data opens users up to potential risks online, the fact that personally identifiable information like full names, years of birth, and Social Security Numbers has been exposed is particularly alarming, as this data is hot property for hackers looking to carry out identity theft.

Unfortunately, it’s becoming increasingly common for PII data to fall into the wrong hands. Sensitive information, including Social Security Numbers, of around 2.9 billion people has recently been compromised in a global cyberattack targeting National Public Data (NPD). New insights reveal that account details like email addresses and passwords were also accessed in the historical breach, leaving users even more vulnerable to identity fraud, as well as other attack vectors like phishing attempts.

There are actionable steps you can take to minimize risks though, and we cover some below.

Think You’ve Been Affected? Take These Steps Now

As FlightAware’s official notification reads, if you think your data has been exposed by the error, you should reset your password upon your next login by using the link provided. To lower the risk of your account being hacked in the future, we suggest using a strong password with a mix of upper and lower-case letters, numbers, and special characters.

The best passwords include at least 12 characters too. But don’t worry, you don’t need to commit these lengthy codes to memory. The best password managers create unique codes for you and store them in their vault before automatically entering them into apps like FlightAware when you log in again.

Since login information may have been compromised in the incident, we also recommend activating two-factor authentication on your accounts. This adds an extra layer of security by requiring a secondary form of verification. Finally, to avoid falling victim to a phishing attack, you should monitor your inbox for unusual activity – especially if the sender is claiming to be from FlightAware.

For further assistance, you can reach out to a member of FlightAware’s customer support center at privacy@flightaware.com or by mail at their Houston office.

Written by:
Isobel O'Sullivan (BSc) is a senior writer at Tech.co with over four years of experience covering business and technology news. Since studying Digital Anthropology at University College London (UCL), she’s been a regular contributor to Market Finance’s blog and has also worked as a freelance tech researcher. Isobel’s always up to date with the topics in employment and data security and has a specialist focus on POS and VoIP systems.