Top flight tracking app says customer info has been leaked online — see if you’re affected

FlightAware kept sensitive data exposed online for years

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

FlightAware has become the latest in a long line of companies to have exposed sensitive customer data online by mistake.

The flight tracking website has sent a breach notification letter to affected customers, confirming that a “configuration error” discovered on July 25 2024 “may have inadvertently exposed” personal information people kept in their FlightAware accounts.

That information includes user IDs, passwords, and email addresses, and depending on the information the users left with the site, may also have included full names, billing addresses, shipping addresses, IP addresses, social media accounts, telephone numbers, year of birth, last four digits of their credit card number, information about aircraft owned, industry, title, pilot status (yes/no), and account activity (flights viewed and comments posted).

No evidence of theft

At the same time, the company filed a breach notification form with the California Attorney General’s Office, which states that the incident actually occurred on January 1, 2021, more than three years ago.

It isn’t known exactly how many users were affected by the incident, but as of 2024, FlightAware says it has over 12 million registered users worldwide.

The platform is widely used for tracking flights in real-time, providing valuable information to aviation professionals, travelers, and enthusiasts alike. FlightAware’s services span a variety of industries, including airlines, airports, and government agencies.

There is no evidence of misuse, the letter said, meaning there is a good chance that no one found it before FlightAware did. In any case, the company has forced its entire user base to reset their passwords out of caution.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The flight tracking website did not say to what extent the passwords are scrambled, if at all. Therefore, if someone obtained the archive, they could potentially cross-reference the login information with other services, since people often use the same username/password combo across a wide variety of services.

ViaTechCrunch

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Sihoo Doro S100 ergonomic office chair review