Major U.S. flight data aggregator FlightAware had data from its customers since January 2021 exposed as a result of a configuration error that has already been remediated after being discovered late last month, according to TechCrunch.
Information compromised due to the misconfiguration included individuals' names, birth years, shipping addresses, billing addresses, IP addresses, social media accounts, and phone numbers, as well as their credit cards' last four digits, aircraft and industry details, titles, pilot status, and account activity, said FlightAware in its website.
However, further investigation disclosed in the firm's filing with the Office of the Attorney General of California revealed the exposure of individuals' Social Security numbers and passwords.
Additional details regarding the number of people impacted by the breach and the potential exfiltration of the leaked information remain uncertain but FlightAware has already mandated account credential resets for all affected users.
