Personal information of civilians who were on an outdated version of the US Government’s No Fly List and Terrorist Screening Database was found on an open server by a 23-year-old Swiss hacker.
On January 12, Maia Arson Crimew, an influential hacker noted by the Department of Justice in a separate indictment, discovered the highly sensitive documents while browsing through a search engine full of unsecured servers.
The text file “NoFly.csv,” which refers to the subset of people in the Terrorist Screening Database who have been prohibited from flying because of suspected or known ties to terrorist organizations, was found after server analysis.
According to crimew, there were reportedly more than 1.5 million entries on the list overall. The data includes names and birthdates. The number of distinct people was significantly fewer than 1.5 million because it also contained many aliases.
According to the hacker, CommuteAir, an Ohio-based minor airline, maintained the insecure Amazon Web Services cloud server that contained the No Fly List as well as confidential data on roughly 1,000 of the airline’s employees. Their passport numbers, addresses, and phone numbers were apparently included in this data.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: