Users of the popular flight tracking application FlightAware received an unwelcome surprise in their email inboxes on 17 August, when the company sent out notice that it had experienced a “data security incident”.
The email – attributed to FlightAware’s general manager, Matt Davis – warns recipients that the incident may have exposed a swathe of personal information and that users will be prompted to reset their passwords the next time they log on. Thousands of Australians may have been affected by the incident.
“On July 25, 2024, we discovered a configuration error that may have inadvertently exposed your personal information in your FlightAware account, including user ID, password, and email address,” Davis said.
“Depending on the information you provided, the information may also have included your full name, billing address, shipping address, IP address, social media accounts, telephone numbers, year of birth, last four digits of your credit card number, information about aircraft owned, industry, title, pilot status (yes/no), and your account activity (such as flights viewed and comments posted).”
Davis added that the configuration error has been addressed, and that “this notification was not delayed as a result of a law enforcement investigation”.
FlightAware has not said a malicious actor accessed the data, nor has the company revealed exactly how long the data had been exposed for. No threat actor has claimed to have access to any FlightAware data at the time of writing.
According to FlightAware’s website, the application “provides over 10,000 aircraft operators and service providers as well as over 13,000,000 passengers with global flight tracking solutions, predictive technology, analytics, and decision-making tools”.
Australian Aviation’s sister publication, Cyber Daily, has reached out to FlightAware for further comment.