Please tighten your passwords and assume the brace position, says plane-tracking site

Data breach at Flightradar24 scored some email addresses and hashed passwords

Flightradar 24
Live European air traffic on Flightradar 24 at the time of writing. Screenshot: The Register

Aviation professionals enthusiasts have been told to change their passwords after flight-tracking site flightradar24 warned of a data breach.

The site offers real-time visualizations of commercial flights in transit with a freemium model. Subscribers get access to more historical data or to a package of services aimed at aviation professionals.

However some subscribers have been sent emails that warn of a data breach, as follows:

I regret to inform you that late last week we identified a security breach that may have compromised the email addresses and hashed passwords … for a small subset of Flightradar24 users (those who registered prior to March 16, 2016), including you.

As the message offered a link to reset passwords, some members worried that it was a phishing scam. Flightradar24 personnel therefore hit the service’s forums to confirm the mails were genuine.

“We would also like to stress that we have no indication any of personal information was compromised” wrote a staffer named Olga. “The security breach was limited to one server and it was promptly shut down once the intrusion attempt had been ascertained,” she added, along with news that no payment data was compromised because the site doesn’t have it.

However she advised recipients of the mail “.. to change the password for your FR24 account. In case you’ve used the same password anywhere else, we strongly suggest you update it there as well.”

Which is just a little bit scary given that aviation pros have plenty of reason to use the site and such folks could conceivably re-use passwords on rather more sensitive services. ®




Biting the hand that feeds IT © 1998–2018