https://static.flightaware.com/pdf/fa_data_notification.pdf

Popular flight tracking platform FlightAware suffered a data breach due to a configuration error that left user information exposed from January 1, 2021, to July 25, 2024.

The breach potentially exposed a range of personal data, including usernames, passwords, email addresses, and for some users, even Social Security numbers. Additional information like billing addresses, phone numbers, and even pilot licenses could also be compromised.

While the exact number of impacted users is unknown, FlightAware boasts over 12 million registered users, suggesting the breach could be significant. The company itself has not confirmed the number affected.

FlightAware has addressed the configuration error and is requiring all potentially impacted users to reset their passwords upon their next login. Additionally, they are offering a free 24-month identity protection service through Equifax to all affected users.

Here’s what you need to do:

• If you have a FlightAware account, be prepared to reset your password upon your next login.
• Consider changing your password for any other online accounts where you might be using the same credentials.
• Report any suspicious activity to your local law enforcement agency.

This incident highlights the importance of secure configuration practices and the dangers of reusing passwords across multiple platforms.