Hackers claim to be selling leaked US ‘No Fly’ list
A recently leaked US ‘No Fly’ list with a million entries was allegedly posted on hacker forums.
On January 26, a threat actor listed a dataset for sale that allegedly is the recently leaked ‘No Fly’ list. The exposed files contained more than 1.5 million entries with full names and birth dates of individuals denied boarding an aircraft and around 250,000 entries of selectees who must undergo additional security screening before flying.
The ‘No Fly’ list is a small subset of the US government's Terrorist Screening Database, which includes the personal information of identified or suspected terrorists. It is managed by the FBI's Terrorist Screening Center.
Found data on an unprotected server
A Swiss hacker using the pseudonym "maia arson crimew" was the first to find a redacted 2019 version of the anti-terrorism ‘no fly’ list on the Michigan-based airline CommuteAir server on January 12.
The hacker found a database while searching for unsecured servers online. One stumbled upon "NoFly.csv" and "selectee.csv" files that contained more than 1.5 million entries, including names and dates of birth of people identified by the FBI as "known or suspected terrorists" who are prevented from boarding aircraft. Additionally, the server stored confidential CommuteAir employee information, such as passport numbers.
CommuteAir confirmed the authenticity of the data and stated that it was a "federal no-fly list." Erik Kane, corporate communications manager for CommuteAir, said to Daily Dot there was a 'misconfiguration, which caused the server to be exposed.
According to their initial investigation, the company claimed that the server was taken offline in advance and did not expose any customer information.
More from Cybernews:
Soldiers hurt Ukraine more than hackers, says WEF
Meta to encrypt Facebook Messenger
Microsoft hit by big outage: Xbox, Outlook, Teams down
Riot Games confirms ransomware
Big Tech continues mass layoffs in Silicon Valley's firing epidemic
Subscribe to our newsletter
Your email address will not be published. Required fields are marked