FlightAware reports leaking user data for years because of configuration error
FlightAware, a Houston-based flight tracking platform, is reporting a data leak caused by a configuration error that left user data exposed for over three years.
The issue was identified on July 25, 2024, but the exposure dates back to January 1, 2021. The platform, which operates a global network of over 32,000 ADS-B ground stations, potentially exposed sensitive user information, including:
- User ID
- Password
- Email address
- Full name
- Billing and shipping addresses
- IP address
- Social media accounts
- Telephone number
- Year of birth
- Last four digits of credit card numbers
- Information about aircraft ownership
- Pilot status
- Industry and job title
- Account activity (such as flights viewed and comments posted)
- Social Security number (SSN)
The number of affected individuals is not disclosed.
FlightAware emphasized that, while it remains unclear whether the exposed data has been compromised, it has since resolved the configuration error.
Affected users are required to reset their passwords upon their next login and are offered a 24-month identity protection package from Equifax. Users are also advised to change passwords on other platforms where they may have reused the same credentials to prevent credential stuffing attacks.