Top flight tracking app says customer info has been leaked online — see if you're affected

FlightAware has become the latest in a long line of companies to have exposed sensitive customer data online by mistake.

The flight tracking website has sent a breach notification letter to affected customers, confirming that a “configuration error” discovered on July 25 2024 “may have inadvertently exposed” personal information people kept in their FlightAware accounts.

That information includes user IDs, passwords, and email addresses, and depending on the information the users left with the site, may also have included full names, billing addresses, shipping addresses, IP addresses, social media accounts, telephone numbers, year of birth, last four digits of their credit card number, information about aircraft owned, industry, title, pilot status (yes/no), and account activity (flights viewed and comments posted).

No evidence of theft

At the same time, the company filed a breach notification form with the California Attorney General’s Office, which states that the incident actually occurred on January 1, 2021, more than three years ago.

It isn't known exactly how many users were affected by the incident, but as of 2024, FlightAware says it has over 12 million registered users worldwide.

The platform is widely used for tracking flights in real-time, providing valuable information to aviation professionals, travelers, and enthusiasts alike. FlightAware's services span a variety of industries, including airlines, airports, and government agencies.

There is no evidence of misuse, the letter said, meaning there is a good chance that no one found it before FlightAware did. In any case, the company has forced its entire user base to reset their passwords out of caution.

The flight tracking website did not say to what extent the passwords are scrambled, if at all. Therefore, if someone obtained the archive, they could potentially cross-reference the login information with other services, since people often use the same username/password combo across a wide variety of services.

Via TechCrunch

More from TechRadar Pro

• Hundreds of Google Firebase websites might have leaked data online
• Here's a list of the best firewall software around today
• These are the best endpoint security tools right now