Flight tracking service Flightradar24 suffered a data breach
21.6.18 securityaffairs  Incindent

The popular flight tracking service Flightradar24 has discovered a data breach that affected one of its servers.
The company notified the incident to its users via email and asked them to change their passwords, affected users’ passwords have been reset.

FlightRadar24 promptly reported the incident to the Swedish Data Protection Authority in order to comply with the EU’s General Data Protection Regulation (GDPR).

According to Flightradar24, hackers may have accessed email addresses and password hashes associated with accounts registered prior to March 16, 2016.

At the time there is no information about the hashing algorithm that was used to protect the passwords,

Initially many users that received the message believed that the data breach notification was the result of a phishing campaign because there was no official news from Flightradar24, but later the company admitted the incident and confirmed that the emails were legitimate.

Senile Delinquent
@SenileDelinque1
18 Jun
@flightradar24 Is this for real or is a phishing expedition? Clicking on the Unsubscribe link at the end of the email takes me to an odd website. Anyone else had this? pic.twitter.com/3P0Lensv5B

Flightradar24

@flightradar24
Hello, it is legitimate. We have already invalidated your old password and the link in the email will allow you to create a new password. We apologize for any inconvenience this may cause.

4:13 PM - Jun 18, 18
1
See Flightradar24's other Tweets
Twitter Ads info and privacy
A moderator of the Flightradar24.com forum confirmed that no personal and financial information was exposed.

“We can confirm that the email some of our users received in regards to a security breach has been sent by us. The security breach may have compromised the email addresses and hashed passwords for a small subset of Flightradar24 users (those who registered prior to March 16, 2016).

We would like to apologize that this breach occurred and for the inconvenience this may cause. We would also like to stress that we have no indication any of personal information was compromised.” wrote a company spokesman on the official forum.

“The security breach was limited to one server and it was promptly shut down once the intrusion attempt had been ascertained. An email has been sent to users with affected accounts. Please note that no payment information has been compromised. Flightradar24 neither handles nor stores payment information.”

FlightRadar24

The company added that it has contained the incident, just after it discovered one of its servers was compromised it shut down the machine.

The bad news is that the company admitted that passwords were protected by an old hashing algorithm that allows attackers to crack the hashes, Flightradar24 introduced a more secure hashing algorithm only since 2016.

At the time it is not clear how many users have been affected, the company reported that the incident involved only “small subset” of users.

FlightRadar24 claims to have over than 40 million users per month, this means that the number of affected users could be anyway important.

FlightRadar24 promptly reported the incident to the Swedish Data Protection Authority in order to comply with the EU’s General Data Protection Regulation (GDPR).