A hacker stumbled upon TSA's no-fly list via unsecured airline server

a Swiss hacker known as "maia arson crimew" found the unsecured server while using the specialized search engine Shodan. There was apparently a lot of sensitive information on the server, including a version of the no-fly list from four years ago

#commuteair #TSA #travel #airlines #nofly #noflylist #security #cybersecurity #infosec #databrech #hacker #hacking #hacked

https://mashable.com/article/no-fly-list-leaked

US Airline Accidentally Exposes 'No Fly List' On Unsecured Server - Slashdot

contained the identities of hundreds of thousands of individuals from the US gov’s Terrorist Screening DB & "No Fly List." … was left exposed on the public internet. It revealed a vast amount of company data, including private info on almost 1,000 #CommuteAir employees.
#privacy #noflylist

https://yro.slashdot.org/story/23/01/20/2238232/us-airline-accidentally-exposes-no-fly-list-on-unsecured-server

The US-based airline #CommuteAir accidentally exposed the No Fly List that includes the identity of hundreds of thousands of individuals included in the US Government's Terrorist Screening Database.

The dataset was left exposed on the public Internet due to pure incompetence.

The file was conveniently named NoFly.csv and contained about 1.5 million entries 🤦

This situation exemplarises the principle of the weakest link in #security.

https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/