ALERT: Did you book an Arik flight online in 2017? Your data might have leaked

ALERT: Did you book an Arik flight online in 2017? Your data might have leaked
October 31
18:15 2018

If you flew Arik Air between December 31 and March 16, 2017, then your data might have been compromised.

On Wednesday, Justin Paine, head of trust & safety at Cloudflare, announced that he uncovered a data leak of the airline during a routine search for “open, exposed, or vulnerable Amazon S3 buckets”.

An Amazon Simple Storage Service (Amazon S3) bucket is a public cloud storage resource similar to file folders. It stores objects consisting of data and descriptive metadata.

Paine said on September 6, he discovered an exposed bucket, containing a large number of CSV files, also a data storing tool.

He said he later traced the ownership to Arik Air.

Leaked customers’ details

“A total of 994 CSV files were found in the bucket, with some of the files containing more than 80,000 rows of data while other files contained over 46,000 rows of data. Some files contained 3 rows of data,” he wrote.

“A further investigation revealed that sensitive information that leaked included customer names, email addresses, internet protocol addresses (IPs) registered at point of purchasing tickets, the hashes of credit cards used and what appears to be the first six digits and last four digits of the credit card used for purchase.”

Explaining the implication of this breach, Paine said: “A malicious person could potentially use this sensitive information to target one of these customers of Arik Air for identify theft. With the information included in this leak a fraudster would have plenty of useful data points.

“It is possible to map out all flights this user has taken in the 3.5 months contained by this leaked data.”

After several attempts to notify Arik Air of the security breach, Paine said he only got a response over two weeks later.

After another check on October 10, Paine said the leaked bucket had been “properly secured.”

Adebanji Ola, spokesman of the airline, told TheCable a statement would be issued on the development.


WHATSAPP 08113975334
TWITTER @thecableng
Copyright 2019 TheCable. All rights reserved. This material, and other digital content on this website, may not be reproduced, published, broadcast, rewritten or redistributed in whole or in part without prior express written permission from TheCable.

Social Comments


No Comments Yet!

Let me tell You a sad story ! There are no comments yet, but You can be first one to comment this article.

Write a comment

Write a Comment

Your email address will not be published.
Required fields are marked *



Exchange Rates

December 05, 2019USDGBPEUR
NOTE: The black market rates represent the most prevalent. They could be slightly higher or lower among different sellers.