Subhashish Panigrahi / CC BY-SA

FlightAware, the 19-year-old aviation company that lets anyone track flights and their live paths, has revealed a massive data breach in its system that has left millions of users’ sensitive information exposed. According to reports, the leak resulted from a configuration error that went undetected for more than three years and potentially compromises everything from email addresses to social security numbers.

According to the company, it discovered a configuration error within its systems last month – an error that exposed the personal information of its users. The company stated that this error dates back to January 1, 2021, meaning that sensitive customer data has been vulnerable for over three years. During this period, anyone with access could have potentially viewed and even exploited this information.

This breach is particularly concerning because the exposed data goes beyond basic user credentials such as email addresses and passwords. More critically, it includes social security numbers, social media accounts, billing and shipping addresses, phone numbers, birth years, IP addresses, and even partial credit card numbers. For some users, particularly aviation professionals, the breach revealed information like aircraft ownership, pilot status, and detailed industry-related data.

Additionally, the breach compromised user activity on the platform, including information about flights viewed, comments posted, and other account-related activity. For aviation professionals, details such as aircraft ownership, industry titles, and pilot statuses were also at risk. This multifaceted exposure of data significantly increases the likelihood of identity theft, financial fraud, and other malicious uses of the stolen information.

Upon discovering the configuration error, FlightAware took immediate steps to correct the vulnerability. The company quickly filed a data breach notice with the California Attorney General’s Office, as required by state law, and began the process of notifying affected users. As part of its response, FlightAware has required all account holders to reset their passwords to secure their accounts from further risk.

For the millions of users affected by the breach, the news has been both frustrating and alarming. Many of these individuals rely on FlightAware for critical aviation-related information, and they are now left questioning the platform’s security. The exposed data could be used by malicious actors for a variety of nefarious purposes, from identity theft to financial fraud. Moreover, some users have expressed concerns about how FlightAware stored their passwords and other sensitive data.

In an effort to provide some level of protection and reassurance, the company is offering two years of free credit monitoring through Equifax to users affected by the breach. This service will help users track any suspicious activity on their credit reports that could be a result of the data exposure. However, while this offer is a step in the right direction, it remains to be seen whether it will be enough to mitigate the potential damage caused by the breach. For now, FlightAware has assured users that the configuration error has been fixed and that the company is taking additional steps to ensure a similar breach does not occur in the future.