FlightAware data leak – you thought you were tracking planes, but now somebody could be tracking you – what you need to know

Another day, another company sending a “Probably nothing to worry about, but maybe, if you kinda feel like it, it might be time to change your password” email.

FlightAware, the popular flight tracking app is, “a digital aviation company and operates the world’s largest flight tracking and data platform. With global connectivity to every segment of aviation, FlightAware provides over 10,000 aircraft operators and service providers as well as over 13,000,000 passengers with global flight tracking solutions, predictive technology, analytics, and decision-making tools.”

I have used FlightAware previously while dabbling in some online plane spotting for family and friends, which is why the following dropped into my inbox late last night: “FlightAware respects the privacy of your personal information and takes the security of that information seriously. We write to let you know about a data security incident that potentially involves your personal information and out of an abundance of caution, we are requiring you to reset your password.”

I can’t actually remember the last time I used the website so from that opening paragraph I wasn’t immediately alarmed.

However, in the explanation of what has seemingly happened the email goes much further “On July 25, 2024, we discovered a configuration error that may have inadvertently exposed your personal information in your FlightAware account, including user ID, password, and email address. Depending on the information you provided, the information may also have included your full name, billing address, shipping address, IP address, social media accounts, telephone numbers, year of birth, last four digits of your credit card number, information about aircraft owned, industry, title, pilot status (yes/no), and your account activity (such as flights viewed and comments posted).”

From that one paragraph it seems that somebody could potentially have every last piece of data on you, and if they have, changing my password after being alerted nearly 25 days later is probably not going to have much effect. But thanks for the tip-off FlightAware.

While another line states that FlightAware is deeply regretful of what’s happened there is also a line that states, “Please note that this notification was not delayed as a result of a law enforcement investigation.” with no explanation of why it has then been delayed.

If there is any potential that literally all my details are out in the wild, including how many planes I own (okay, granted that column may not be that exciting) do we not really need to know pretty much instantly they do? It doesn’t have to be details but they could have told me I needed to change my password earlier.

It is unclear from the email whether FlightAware is, er aware of the data being removed, just it may have “inadvertently exposed” data to someone, anyone.

What you can do?

Well, you will have to change your password next time you log into FlightAware for starters, so it may be best to do that as soon as possible, although the horse has well and truly bolted.

If you use the same email and password combo to log into other sites (surely not), then you should change your password everywhere you can – a rather tedious job and you really should be using a password manager in this day and age for ease of managing multiple, secure passwords.

Besides that, you are going to need to keep an eye on anything that looks odd in your financials. It looks like in terms of credit card details they only have the last four digits but other information would give any potential bad actors plenty of information to socially engineer you or even pretend to be you in certain circumstances so watch out for unusual contacts claiming to be from other companies quoting back your details to persuade you they are legit.

As yet there is no indication of how many people this data leak has affected but if you are concerned about the leak FlightAware can be contacted at privacy@flightaware.com or write to FlightAware – Attn:  Privacy, 11 Greenway Plaza, Suite 2900, Houston, TX 77046.

Featured Image: via FlightAware

The post FlightAware data leak – you thought you were tracking planes, but now somebody could be tracking you – what you need to know appeared first on ReadWrite.