Lion Air Group data breach: 35 million passenger data is leaked from AWS servers

Network security specialists report that Malindo Air, a subsidiary of Lion Air Group, a low-cost Indonesian airline, suffered a data breach that has compromised the information of thousands of passengers. The compromised information was even detected in multiple information-sharing forums for more than a month. Compromised records include phone numbers, passport details, and information about users’ flights.

Researchers from security firm Kaspersky Lab
found that more than 30 million airline records were available for download on
some forums, so they concluded that the most likely cause of this incident is a
misconfigured server.

The databases were first published on August 12;
after revoking access, those responsible republished the databases on September
10 and 17. “Whoever did this must have access to the Amazon Web Services
(AWS) bucket where this information was stored,” network security
specialists say.

Through a statement released a few hours ago,
Malindo Air acknowledged the incident, adding that all of its servers
“have already been fully secured and any vulnerability has been
corrected”. Malindo Air also noted that its users’ payment card
information has not been exposed during this incident; an external security company
is in collaboration with the company for the investigation of the incident.

Network security specialists say that poor configuration
of cloud computing deployments has become one of the leading causes of
information security incidents in recent times. It is important to add that
these kinds of implementations, such as AWS buckets, have default private
configuration, so it is the responsibility of the companies that use them to
verify the correct implementation of any changes to this settings.

Roger Grimes, specialist at KnownBe4 firm,
confirms this theory, stating that thousands of companies around the world make
the same security mistakes as Lion Air all the time: “The wrong configuration
of access and permissions in cloud computer deployments is one of the most
common cybersecurity issues today.” 

In addition to the errors of the staff in
charge of these implementations, we should not forget the role of threat
actors. Network security specialists at the International Institute of Cyber
Security (IICS) mention that, due to the large amount of confidential details
they manage, airlines have become one of the main attack targets for hackers,
generating serious public image problems and huge economic losses for the
companies. A year ago, for example, a data breach at British
exposed the personal information of more than 350k users,
resulting in a fine of more than £180 million for the company.

Experts recommend that users concerned about
the security of their data contact the airline, as well as remain alert to
possible phishing attempts and other fraud variants.

To Top

Pin It on Pinterest

Share This