Flight Aware admits to leaking sensitive user data for years


Flight Aware on Monday revealed the popular flight tracking website has been leaking sensitive customer data, including social security numbers and payment information, since 2021.

The digital aviation data company filed a data breach security notice with California’s State Attorney General’s office on August 13th – along with a sample of the notification letter sent to FlightAware.com users.

“On July 25th, 2024, we discovered a configuration error that may have inadvertently exposed your personal information in your FlightAware account, including user ID, password, and email address,” the letter stated.

“Additionally, our investigation has revealed that your Social Security number may have been exposed,” it said.

The Attorney General lists the ‘Date of Breach’ as January 1st, 2021, which implies that the configuration error had been in place and the site had been potentially leaking a plethora of user data for over three years.

Flight Aware boasts global connectivity with every segment of aviation, including 10,000 aircraft operators and service providers as well as over 13,000,000 passengers.

The online company also revealed that depending on what the user provided, the leaked information may have included over a dozen sensitive data points:

  • Full name
  • Billing and/or shipping address
  • Year of birth
  • IP address
  • Social media accounts
  • Telephone numbers
  • Last four digits of your credit card number
  • Information about aircraft owned
  • Industry, title, pilot status
  • Account activity (such as flights viewed and comments posted).  

The website states that the “world’s largest” and “trusted” global flight tracking solution “provides accurate real-time, historical and predictive flight insights,” as well as “analytics and decision-making tools” to millions of corporate and individual users in the US, Europe, Middle East, Africa, and Asia Pacific.


Headquartered in Houston, Texas, the company also develops and offers a suite of its own open source software for other app developers in the aviation industry.

Although it is not necessary to create an account or pay for a subscription to use its services, Flight Aware shows that more than 10 million Android users have downloaded the app, while close to 300,000 Apple users have rated it in the App Store.

The company is now requiring all account holders to “reset your password upon your next login… out of an abundance of caution.”

The letter also said FlightAware values its customers’ privacy and “deeply regrets that this incident occurred.”

The company is offering two years of free comprehensive credit monitoring services and suggests users set up fraud alerts or freeze their credit reports.

Flight Aware states it was founded in 2005 by “aviation geeks and big data nerds” to support optimization and reliability in the aviation industry.