© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Hackers claim to be selling leaked US ‘No Fly’ list

Updated on: 27 January 2023
Airplane
Image from Shutterstock

A recently leaked US ‘No Fly’ list with a million entries was allegedly posted on hacker forums.

On January 26, a threat actor listed a dataset for sale that allegedly is the recently leaked ‘No Fly’ list. The exposed files contained more than 1.5 million entries with full names and birth dates of individuals denied boarding an aircraft and around 250,000 entries of selectees who must undergo additional security screening before flying.

Screenshot of the file
Screenshot of the file allegedly to be a 'No Fly' list

The ‘No Fly’ list is a small subset of the US government's Terrorist Screening Database, which includes the personal information of identified or suspected terrorists. It is managed by the FBI's Terrorist Screening Center.

Screenshot of the post in a hacker forum

Found data on an unprotected server

A Swiss hacker using the pseudonym "maia arson crimew" was the first to find a redacted 2019 version of the anti-terrorism ‘no fly’ list on the Michigan-based airline CommuteAir server on January 12.

The hacker found a database while searching for unsecured servers online. One stumbled upon "NoFly.csv" and "selectee.csv" files that contained more than 1.5 million entries, including names and dates of birth of people identified by the FBI as "known or suspected terrorists" who are prevented from boarding aircraft. Additionally, the server stored confidential CommuteAir employee information, such as passport numbers.

CommuteAir confirmed the authenticity of the data and stated that it was a "federal no-fly list." Erik Kane, corporate communications manager for CommuteAir, said to Daily Dot there was a 'misconfiguration, which caused the server to be exposed.

According to their initial investigation, the company claimed that the server was taken offline in advance and did not expose any customer information.

More from Cybernews:

Soldiers hurt Ukraine more than hackers, says WEF

Meta to encrypt Facebook Messenger

Microsoft hit by big outage: Xbox, Outlook, Teams down

Riot Games confirms ransomware

Big Tech continues mass layoffs in Silicon Valley's firing epidemic

Subscribe to our newsletter

Share
Tweet
Share
Share
Share
Leave a Reply

Your email address will not be published. Required fields are marked