MESSY DATA LEAK! Is Arik Air To Blame?
If you have flown Arik Air between December 31, 2017 and March 16, 2018, you should be worried.
Some of your personal and financial data provided to the airline and it's payment platform operator during your booking may have been exposed.
An information technology expert who simply identified himself as Xxdesmus disclosed this in a post on a data security website,
Xxdesmus said he stumbled upon the leak “in the normal course of scanning for open/exposed/vulnerable Amazon S3 buckets”.
An Amazon S3 bucket is a public cloud storage resource available in Amazon Web Services' (AWS) Simple Storage Service (S3).
According to him, after he discovered the massive data leak on September 6, 2018 he tried unsuccessfully until October 10, 2018 to reach the airline to no avail, while noting that the leaked data either belonged to Arik or its payment processor.
Some of the sensitive information leaked include:
1. Customer email address
2. Customer name
3. Customer's IP at time of purchase
4. A hash of the customer's credit card
5. What appears to be last 4 digits of the credit card used.
6. What appears to be maybe be the first 6 digits of the credit card used.
7. A unique device fingerprint (presumably the user's mobile or desktop device?)
8. Type of currency used
9. Payment card type
10. Business name related to the purchase.
11. Amount of purchase
12. Date of purchase
13. Country of origin of the purchaser.
You can read the full report HERE.
MeanwhileBounce News tried to reach out to Arik Air.
One of their representatives said they are unaware of the leak and promised to get back to us but we are yet to hear from Arik at the time of filing this report.
Don't forget to share this story with your friends.