FlightAware Alerts Customers About Data Breach Involving Exposure of Personal Details, Including Social Security Numbers

Flight tracking platform FlightAware has identified a “configuration mistake” as the reason behind the unintended disclosure of a wide array of personal details belonging to its users, including partial Social Security numbers for some.

Describing itself as one of the premier repositories of flight information, FlightAware disclosed through an advisory on its site that this unspecified mishap was detected on July 25, revealing information such as names, email addresses, and additional data based on what particulars the users had furnished to the platform.

The compromised information detailed by FlightAware includes “billing and shipping addresses, IP addresses, social media profile details, phone numbers, birth years, the last four digits of credit card numbers, details regarding aircraft ownership, industry, job title, pilot credentials (yes/no), and user activity on the account including observed flights and posted comments.”

Through another advisory communicated to the California attorney general’s office, FlightAware revealed that its probe unveiled that passwords and Social Security numbers were compromised as well.

Consequently, the entity is mandating a password reset for all impacted account holders. The notification, however, leaves unclear whether the passwords in question were encrypted or the depth of such encryption.

The documentation lodged with the authorities marks the inception of this breach as January 2021, indicating the issue persisted for over three years.

FlightAware’s reference to a configuration blunder implicates an internal oversight rather than attributing the exposure to an external security breach.

Although FlightAware has acknowledged the data exposure, it remains uncertain if the data was actually accessed or taken by unauthorized parties, or if FlightAware possesses the technological capabilities, like logs, to ascertain whether the data was downloaded.

Kathleen Bangs, a spokesperson from FlightAware, did not reply to inquiries about the incident nor disclosed the number of users impacted by this breach.

According to statements on its official website, FlightAware serves more than 10 million users each month.