Justin Paine, Head of Trust & Safety, Cloudflare, who conducted the research, says the sensitive files were owned by Arik Air, and the bucket contains 994 CSV files.
Arik Air has suffered a massive data leak, with the details of over 600,000 customers compromised in an Amazon S3 leak.
The large set of CSV files was discovered during research conducted by Justin Paine, Head of Trust & Safety at Cloudflare, an internet security company based in the U.S.
According to Justin, these sensitive files were owned by Arik Air, "West-Africa's leading airline" and the bucket contains 994 CSV files.
“Some of these CSV files contain in excess of 80,000+ rows of data while other files contain 46,000+ rows of data, and in some cases, files only contain 3 rows of data,” Justin said in a report via the website rainbowtabl.es.
Why customers' information is in danger
According to him, a malicious person could potentially use this sensitive information to target one of these Arik Air customers for identity theft.
“With the information included in this leak a fraudster would have plenty of useful data points -- the person's name, email, first 6 and last 4 of the credit card, and a hint as to what the person's 2FA values might be so they could then focus on compromising that 2FA account (email or phone number) to steal the user's identity.”
Some of the customers' data are from Teflon Hub, PayportSA, Flutterwave, Ntel and some commercial banks in Nigeria and other African countries, with passengers on Lagos to Port Harcourt flights the most affected.
Information such as “dates of sale, payment values, types of currency used, device fingerprints -- which may relate to the use of mobile devices or desktop systems -- and in some cases, the departing and arriving airports all appear to be in the data dump.”
Justin Paine reaches out to Arik Air
Justin Paine, the data researcher, said he contacted Arik Air over a month ago to disclose the leak but was unable to reach them after multiple attempts.
“... after multiple messages on their corporate Facebook page and Facebook messages I eventually received a reply and they provided me with the email address for a security point of contact. Several days later the security point of contact confirmed they would review my report, and that was the last I heard from Arik Air. In all -- roughly 1 month elapsed from the time I notified them to the time they took action to acknowledge my report and to secure their customer's data.”
It is not certain whether any data has been affected by the leak, but it could cost customers a whole lot of hard-earned cash and could be among the biggest leaks in Africa.
Nigerians react to report on data leak
Akin Oyebode, in a Twitter post, described the inability of Arik Air to respond as madness.
“A breach of individual and corporate information, and it takes a month for Arik to reply or take action. See the corporate details exposed, includes banks. Madness.”
Business Insider SSA contacts Arik Air communications team
Several calls from Business Insider SSA to Arik Air on Wednesday, October 31, 2018, were unanswered.
But sources told BISSA that the organisation is currently working on the data leak report, as some heads may roll in the coming days.
ridoola.blogspot.com.ng