Click here to visit Original posting
- A travel tracking software firm has suffered a data breach
- The researcher discovered 10 open Lost & Found databases
- Over 800,000 Lost & Found customers could be exposed
A dataset containing 820,750 records totaling 122GB has been discovered online, most likely belonging to German tracking software firm Lost & Found, which primarily services the aviation industry.
As revealed by security researcher, Jeremiah Fowler, this was in an unprotected and publicly exposed dataset of 14 databases in total, 10 that were accessible and 4 that were restricted. Within these, the researcher found shipping labels, lost item reports, and screenshots, ranging from personal electronics, wallets, bags, medical devices, and other personal effects travelers often take on flights.
That’s not all though, as a number of personally identifiable documents were also included, such as passport scans, drivers licenses, employment documents, and more. The researcher suggests these could either be lost and uploaded by airport staff, or used to file claims and identify ownership of lost documents.
Customers at risk
Once a disclosure notice was sent, the databases were restricted “within hours”. It’s not yet known whether the databases were owned and managed directly by Lost & Found, or if a third-party contractor had control. It’s also unclear how long the dataset was exposed, or if threat actors accessed the information.
Since there is a possibility that the information was accessed by threat actors, this leaves anyone exposed in the breach at risk. Since IDs and passports were included, this means the primary risk is identity theft, as criminals could use these scans to apply for loans, credit cards, or bank accounts.
To protect against this, anyone concerned they may be affected should closely monitor their account, transactions, and statements, and immediately report any suspicious activity to their bank.
Alongside this, be vigilant against any social engineering attacks by carefully inspecting any unexpected communications you receive from unknown sources - especially those prompting action.
You might also like
- Check out our list of the best firewall software around today
- Top IVF firm says hackers accessed private data during cyber incident
- We've also rounded up the best malware removal software on offer right now