The US airline CommuteAir reportedly left a federal "No Fly List" on an unsecured server that was then accessed by a Swiss hacker.
3The exclusive report comes from The Daily Dot that claims US airline CommuteAir left an unsecured server open that contained a large quantity of sensitive information. This server was accessed by a Swiss hacker that goes by "maia arson crimew" who wrote a blog post titled "how to completely own an airline in 3 easy steps," where they explained that they stumbled across the sensitive server by accident and through boredom.
Essentially, the hackers were just looking around through a search engine called Shodan when they discovered the server and a file titled "NoFly.csv". The file was opened, and the hackers discovered a 2019 version of a federal No Fly list that includes first and last names as well as dates of birth. The Daily Dot reports the list contained the names and aliases of many high-profile people, such as the recently-freed Russian arms dealer Viktor Bout and his 16 aliases.
3CommuteAir Corporate Communications Manager Erik Kane told the Daily Dot that the server also contained sensitive information on CommuteAir employees and flight information, and the company has submitted a notification to the Cybersecurity and Infrastructure Security Agency while also conducting its own investigation.
The information contained in the exposed server was already looked over by researchers, and according to The Daily Dot, the no-fly list contained a heavy bias against Muslim people. Unfortunately, the hacker or CommuteAir didn't confirm the specific number of people on the 2019 no-fly list. However, according to Sen Dianne Feinstein, the 2016 no-fly list contained more than 81,000 people, which is at least something to go by.
It should be noted that in crimew's blogpost, they wrote they found lots of mentions of the word "crew" and other words they recognized after binge-watching "mentor pilot YouTube videos".
Erik Kane, a spokesperson for CommuteAir, said in a statement to Insider that based on initial internal investigations, no customer data was exposed and that CommuteAir has since taken the exposed server offline. Furthermore, the Transportation Security Administration has confirmed it's been made aware of the incident and has launched its own investigation.
For more information on this story, check out this link here.
LG's 32-inch gaming OLED monitor with 480Hz refresh rate is imminent, with pre-orders live now
Google Pixel 8a leak boasts 7 years of security updates but leaves one question unanswered
Apple has plummeted from first to fifth place in the Chinese smartphone market, analysts warn
You can blame Tim Cook for 8GB Macs, it seems
Apple removes three AI apps capable of creating nude images of people from the App Store
SteelSeries Arctis Nova 4X Wireless Gaming Headset Review
ACEMAGIC AD08 "Core i9 11900H" Mini PC Review
Lenovo ThinkPad X1 Carbon Gen 12 Review
ASUS ROG Swift Pro PG248QP Gaming Monitor Review - Frames, frames, and more frames
FlexiSpot C7B-Mesh Ergonomic Office Chair Review
Samsung G8 34-inch QD-OLED Gaming Monitor Review - 175Hz for $900
ASRock NUCBOX-155H Mini PC Review
NuPhy Air96 V2 Wireless Mechanical Keyboard Review
TEAM T-FORCE Siren DUO360 RGB Liquid CPU Cooler Review
AVerMedia Live Streamer ULTRA HD Review
Building the Ultimate Home Entertainment Server with an ASUSTOR NAS and Viper Gaming NVMe SSDs
Everything you need to know about the latest ASUS NUC Mini PCs - NUC 14 Pro and ROG NUC
How to Overclock Your GPU and Boost Your PC Gaming with ASUS GPU Tweak III
ASUS's AMD Radeon RX 7000 Series GPU lineup has something for every gamer
ASUS OLED Premium Care defends the ROG Swift OLED PG32UCDM gaming monitor from burn-in