Exploit: Misconfiguration
Pegasus Airlines: Air Carrier
Risk to Business: 1.963 = Severe
Turkish carrier Pegasus Airlines has disclosed that data including the personal information of flight crew alongside source code and flight data has been exposed as the result of a misconfiguring an AWS bucket. Researchers discovered an estimated 23 million files were found on the bucket, totaling around 6.5TB of leaked data. This included over three million files containing sensitive flight data including flight charts and revisions, insurance documents, details of issues found during pre-flight checks and information on crew shifts. Over 1.6 million of the exposed files contained personally identifiable information (PII) on airline crew, including photos and signatures. Source code and data from Pegasus’s proprietary software was also exposed, including plain text passwords and secret keys.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Employee mistakes can be just as dangerous, damaging and expensive as many cyberattacks.
Source: Infosecurity Magazine