Major airline inflight service provider's hack exposes Starlink users


Anuvu, an in-flight entertainment and connectivity (IFEC) service provider, has allegedly fallen victim to a hacker attack. The exposed data revealed which customers used Starlink services.

Attackers announced the attack on Anuvu via a post on a popular data leak forum used to exchange stolen data. The stolen details supposedly include numerous admin-level credentials that, the post's author claims, allow access to the company’s AWS and Postgres databases.

We’ve contacted Anuvu for comment and will update the article once we receive a reply. Anuvu, an IFEC service provider, mainly works with airlines and maritime operators. Prior to 2021, the company was called Global Eagle. The company’s partners include Air France, Delta, Southwest, British Airways, and others.


Meanwhile, the Cybernews research team investigated the data that attackers attached to the post, concluding that it appears to be legitimate. According to the team, the allegedly stolen details appear to include a trove of sensitive information.

Attacker's post on the data leak forum. Image by Cybernews.

What data was exposed?

One of the screenshots attackers included in the post reveals Anuvu’s maritime customers, with company names, Salesforce identifiers, and the type of market the business operates in.

Another damaging piece of leaked information includes user credentials consisting of full names, email addresses, password hashes, and addresses. According to the team, most of the credentials appear to be from 2024.

The team also found the full names of Anuvu managers included in the exposed information. Meanwhile, emails and physical addresses mostly refer to the companies that users work for.

Screenshot that mentions Starlink contracts. Image by Cybernews.

“Logins are probably used for a customer-facing dashboard of some sort, since there is a mix of employee and customer logins here. Some physical addresses match office locations. People mentioned here seem legit as well,” the team explained.


The exposed information appears to include Starlink contract lines with customer information, order line identifiers, and service line identifiers. This means that Anuvu bought services from Starlink, and the exposed data shows which customers used Starlink services via Anuvu.

How can attackers use the exposed information?

“The information that attackers provided reveals several risks posed by the alleged data leak. The main weak points here are user credentials. Although these are allegedly from 2024, some of the passwords may remain unchanged to this day, or have only slight modifications from what was used in 2024,” our researchers explained.

The team believes that attackers can exploit the leaked data to at least learn about Anuvu clients before targeting them. Targeted phishing campaigns against Anuvu and its clients offer another avenue for malicious activity.

Sample of the allegedly leaked data. Image by Cybernews.

Most worryingly, whoever has the allegedly leaked data in their hands could try using leaked passwords for credential stuffing attacks.

These involve attackers using stolen usernames and password combinations from previous data breaches to attempt logins across multiple platforms. Credential stuffing is often possible because users are prone to reusing the same password across different services.

Anuvu’s yearly revenue is estimated at around $370 million, with around 1,000 employees globally. The company works with over 150 airlines and 30 cruise-line customers.

Ernestas Naprys Stefanie Niamh Ancell BW Paulina Okunyte