The US airline CommuteAir reportedly left a federal "No Fly List" on an unsecured server that was then accessed by a Swiss hacker.
3The exclusive report comes from The Daily Dot that claims US airline CommuteAir left an unsecured server open that contained a large quantity of sensitive information. This server was accessed by a Swiss hacker that goes by "maia arson crimew" who wrote a blog post titled "how to completely own an airline in 3 easy steps," where they explained that they stumbled across the sensitive server by accident and through boredom.
Essentially, the hackers were just looking around through a search engine called Shodan when they discovered the server and a file titled "NoFly.csv". The file was opened, and the hackers discovered a 2019 version of a federal No Fly list that includes first and last names as well as dates of birth. The Daily Dot reports the list contained the names and aliases of many high-profile people, such as the recently-freed Russian arms dealer Viktor Bout and his 16 aliases.
3CommuteAir Corporate Communications Manager Erik Kane told the Daily Dot that the server also contained sensitive information on CommuteAir employees and flight information, and the company has submitted a notification to the Cybersecurity and Infrastructure Security Agency while also conducting its own investigation.
The information contained in the exposed server was already looked over by researchers, and according to The Daily Dot, the no-fly list contained a heavy bias against Muslim people. Unfortunately, the hacker or CommuteAir didn't confirm the specific number of people on the 2019 no-fly list. However, according to Sen Dianne Feinstein, the 2016 no-fly list contained more than 81,000 people, which is at least something to go by.
It should be noted that in crimew's blogpost, they wrote they found lots of mentions of the word "crew" and other words they recognized after binge-watching "mentor pilot YouTube videos".
Erik Kane, a spokesperson for CommuteAir, said in a statement to Insider that based on initial internal investigations, no customer data was exposed and that CommuteAir has since taken the exposed server offline. Furthermore, the Transportation Security Administration has confirmed it's been made aware of the incident and has launched its own investigation.
For more information on this story, check out this link here.
iPhone 16 Pro to get upgraded camera that may raise costs by 30%
GeForce RTX 4090 is limited to 120 Hz on the dual 4K 2040 Hz Samsung Odyssey G9 Neo monitor
Here's how much titanium is actually in the iPhone 15 Pro and what it's worth
Game Pass to make $8 billion revenue by 2030, Microsoft hopes
Google, Apple, and Valve game revenues revealed in Xbox leaks
MAINGEAR MG-1 Silver Gaming PC Review
MSI Immerse GH50 Wireless Gaming Headset Review
TeamGroup T-Force Z540 2TB SSD Review - Fastest Retail SSD to Date
Ace Magician AMR5 "Ryzen 5800U" Mini PC Review
XPG Core Reactor II 850w ATX 3.0 80 PLUS Gold PSU Review
Gran Turismo Cinema Review
Phison E26 Max14um ES 2TB SSD World Exclusive Preview - Fastest in history
First-Person Shooter documentary review: Chronicle of Carnage
Indiana Jones and the Dial of Destiny Cinema Review
Power all your gaming needs with MSI's ATX 3.0 and PCIe 5 range of PSUs