FlightAware joins the ever-growing list of companies that are incapable of safeguarding their user data, and it has apparently leaked everything.
According to the email sent by FlightAware yesterday, they have potentially exposed pretty much all customer data, including user ID, password, email address, full name, billing address, shipping address, IP address, social media accounts, telephone numbers, year of birth, and the last four digits of your credit card number.
You can access FlightAware here.
FlightAware’s Message to Users:
Hello,
FlightAware respects the privacy of your personal information and takes the security of that information seriously. We write to let you know about a data security incident that potentially involves your personal information and, out of an abundance of caution, we are requiring you to reset your password. Upon your next log-in to FlightAware, you will be prompted to reset your password or, for your convenience, you may use the following link: https://www.flightaware.com/account/reset.
What Happened?
On July 25, 2024, we discovered a configuration error that may have inadvertently exposed your personal information in your FlightAware account, including user ID, password, and email address. Depending on the information you provided, the information may also have included your full name, billing address, shipping address, IP address, social media accounts, telephone numbers, year of birth, last four digits of your credit card number, information about aircraft owned, industry, title, pilot status (yes/no), and your account activity (such as flights viewed and comments posted).
What We Are Doing?
FlightAware values your privacy and deeply regrets that this incident occurred. Once we discovered the exposure, we immediately remedied the configuration error. Out of an abundance of caution, we are also requiring all potentially impacted users to reset their password.
Please note that this notification was not delayed as a result of a law enforcement investigation.
What Other Steps Can You Take?
If there is anything FlightAware can do to further assist you, please email our Customer Support Center at [email protected] or write to FlightAware – Attn: Privacy, 11 Greenway Plaza, Suite 2900, Houston, TX 77046.
Sincerely,
Matt Davis,
President and General Manager
FlightAware, Inc.
Conclusion
I’m not sure why it is so difficult for these companies to ensure that customer data is not exposed on the open web.
FlightAware is in violation of EU consumer protection rules that require businesses to inform users of potential data breaches within 72 hours; here they took more than 3 weeks.