ADVERTISEMENT

Canadian Flair Airlines left user data leaking for months

Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months, the Cybernews research team has discovered. This increases the risk of passengers’ personal information, such as emails, names, or addresses, ending up in the wrong hands.

flyflair.com data leak

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Sep 26, 2023 Updated: 15 November 2023 3 min read
  • MySQL database credentials and location for the local database
  • MySQL database credentials and location for the remote, internet-connected database
  • SMTP configuration, including credentials and secret tokens, for the [email protected] and [email protected] emails.
  • Laravel App key (popular open-source PHP web framework)
  • First and last name
  • Email
  • Phone number
  • Flight details (destinations, dates, flight numbers, etc.)
  • Other information (in its privacy policy, the company states that it collects gender, address, and date of birth information)
Flyflair public env file
ADVERTISEMENT

Leak provides several attack vectors and can be dangerous

For users ­­– caution advised

ADVERTISEMENT