Millions of Lion Air Passenger Records Exposed and Exchanged on Forums

Tens of millions of records from customers of two airline companies owned by Lion Air have been circulating on data exchange forums for at least a month. The information was stored in an Amazon bucket that was open on the web.

The records are present in two databases, one with 21 million records, the other with 14 million entries, in a directory holding backup files created in May 2019 mostly for Malindo Air and Thai Lion Air.

Another backup file has Batik Air in its name, an airline whose parent organization is also Lion Air.

Sensitive personal information exposed

Leaked details include passenger and reservation IDs, physical addresses, phone numbers, email addresses, names, dates of birth, passport numbers, and passport expiration dates.

credit: Under the Breach

BleepingComputer could not find an announcement from Lion Air or its subsidiary airlines about a data exposure incident.

Researcher Under the Breach published samples of the two databases, making sure to mask the personal details of the passengers:

HUGE: Hacker dumps @lionairthai's customer and flight database
First database has 21 million records which include passenger ID, Reservation ID, customer address, phone number and email (1/2) #breach #database #gdpr #blackhat


Under the Breach (@underthebreach)

Second database has 14 million records which include the name, date of birth, phone number, passport number and passport expiration date.

researchers, contact us for more details.

4:29 PM – Sep 11, 2019

Data circulating for at least a month

It is unclear when the data was first accessed, but one user who collects sensitive information from various data exchange forums published the link to the open AWS bucket on their website on August 10.

Spectre told BleepingComputer that dumping of the two databases on multiple forums began after they published the AWS bucket URL.

On August 12, someone offered them on a relatively well-known data exchange community, and some time later the bucket was secured.

Two databases from the cloud storage are still in circulation, though, available upon request. BleepingComputer saw the index of the open directory and noticed backup files, the most recent from May 25, named ‘PaymentGateway.’

Additional backup names included references to the company’s loyalty reward program and the online booking service GoQuo that also provides customer analytics solutions.

BleepingComputer did not get access to the content of the backup files but the names of the entries alone suggest that highly sensitive information was exposed and is accessible to unauthorized individuals.

The mix of personal data that has already been converted to clear text qualifies as a privacy risk to its owners and has a high probability of being used by threat actors for financial gain.
