Skip to main content

Tech: Arik Air suffers massive leak that may put over 600,000 customers' data in danger

Arik Air suffers massive leak that may put over 600,000 customers' data in danger

Justin Paine, Head of Trust & Safety, Cloudflare, who conducted the research, says the sensitive files were owned by Arik Air, and the bucket contains 994 CSV files.

Arik Air has suffered a massive data leak compromising over 600,000 customers' details in an Amazon S3 leak.

The large file in CSV files was detected in a research conducted by Justin Paine, Head of Trust & Safety, Cloudflare, an internet security company based in U.S.

According to Justin, these sensitive files were owned by Arik Air, "West-Africa's leading airline" and the bucket contains 994 CSV files.

Some of these CSV files contain in excess of 80,000+ rows of data while other files contain 46,000+ rows of data, and in some cases, files only contain 3 rows of data, ” Justin said in a report via the website - rainbowtabl.es.

Why customer's information is in danger

According to him, a malicious person could potentially use this sensitive information to the target one of these customers of Arik Air for identity theft.

“With the information included in this leak a fraudster would have plenty of useful data points -- the person's name, email, first 6 and last 4 of the credit card, and a hint as to what the person's 2FA values might be so they could then focus on compromising that 2FA account (email or phone number) to take steal the users identify.

Some of the customers' data are from Teflon Hub, PayportSA, Flutterwave, Ntel and some commercial banks in Nigeria and other African countries with passengers on Lagos to Port Harcourt flights as most affected.

 

Information such as “dates of sale, payment values, types of currency used, device fingerprints -- which may relate to the use of mobile devices or desktop systems -- and in some cases, the departing and arriving airports all appear to be in the data dump.”

Justin Paine reaches out to reach Arik Air

Justin Paine, the data researcher said he contacted Arik Air over a month ago to disclose the leak but unable to reach them after multiple attempts.

“... after multiple messages on their corporate Facebook page and Facebook messages I eventually received a reply and they provided me with the email address for a security point of contact. Several days later the security point of contact confirmed they would review my report, and that was the last I heard from Arik Air. In all -- roughly 1 month elapsed from the time I notified them to the time they took action to acknowledge my report and to secure their customer's data.

It is not certain if any data have been affected by the leak but this could cause customers a whole lot of hard earned cash and could be among the biggest leak in Africa.

Nigerians react to report on data leak

Akin Oyebode in a twitter post described the inability of Arik Air to respond as a madness.

A breach of individual and corporate information, and it takes a month for Arik to reply or take action. See the corporate details exposed, includes banks. Madness.

 

Business Insider SSA contacts Arik Air communications team

Several calls from Business Insider SSA to Arik Air on Wednesday, October 31, 2018, were unanswered.

But Sources told BISSA that the organisation is currently working on the data leak report as some heads may roll in the coming days.

ridoola.blogspot.com.ng
Labels:

Comments

Post a Comment

Popular posts from this blog

Okpebholo suspends A-G & LG Chair under 3 months over finance dealings

The Edo Government has announced the suspension of Samson Osagie , its Attorney-General and Commissioner for Justice, and Damian Lawani , chairman of the Local Government Service Commission. Mr Musa Ikhilor , Secretary to the State Government (SSG) announced the suspension in a statement in Benin on Thursday morning. ALSO READ: Kano Govt suspend 2 school principals for alleged absenteeism, negligence Ikhilor said the two-state top officials were suspended over allegations of “grave official and financial interactions”. Okpebholo suspends Edo Attorney-General and LG Service Commission Chairman According to him, the suspension, which takes immediate effect, is pending the conclusion of an investigation into the allegations. The SSG said; It is hereby announced for the information of the general public that Gov. Monday Okpebholo has approved the suspension from office of the Chairman of Edo Local Government Service Commission, Damian Lawani and Commissioner for Justice, Samson Os...
Post a Comment
Read more

Family Homes Funds, TETFund & Private Investors Lead National PPP Drive for Renewed Hope Student Housing Projects

The Renewed Hope Student Housing Project is a Public Private Partnership initiative of His Excellency Bola Ahmed Tinubu GCFR that is set to improve the living standards and revitalize infrastructure across Tertiary Institutions in the country with a plan to deliver 38,400 world class student hostel bed spaces across a total of 24 locations: 12 Universities, 6 Polytechnics & 6 Colleges of Education. The Renewed Hope Student Hostel Project in each of the 24 locations will boast 1,600 bed spaces, 400 ensuite rooms with study table and chairs, 4 reading rooms, common room, cafeteria & restaurants, laundromat, grocery shops, salons, public toilets etc.  Family Homes Funds Limited (FHFL), in partnership with the Federal Government of Nigeria, the Tertiary Education Trust Fund (TETFund) and Africa Plus Partners Nigeria Limited is set to deliver on Mr. President’s promise to transform student accommodation nationwide through the Public Private Partnership (PPP) Renewed Hope Stude...
Post a Comment
Read more

NYSC Mobilisation & Academic Standards – Raising quality or adding pressure on students?

On September 29, 2025, President Bola Ahmed Tinubu approved a reform linking the National Youth Service Corps (NYSC) mobilisation process to the National Policy for the Nigeria Education Repository and Databank (NERD). By invoking Sections 2(4)(4) and 16(1)(C) of the NYSC Act, Tinubu stated that no graduate, whether from a Nigerian or foreign institution, will be mobilised for or exempted from NYSC without proof of compliance with the NERD policy. In a common man's understanding, the Federal Government has announced that Nigerian students must now submit their final-year projects or thesis before they can be mobilised for the National Youth Service Corps (NYSC). This policy aims to improve academic standards, ensuring that no student skips essential academic requirements before entering the NYSC scheme . On the surface, this sounds like a laudable idea, but a deeper look reveals a different reality. In many universities, students are allowed to graduate and mobilised for NYSC  ...
Post a Comment
Read more