One of the world’s most popular flight tracking services, Flightradar24, which displays flight information in real time on a map, has suffered an enormous data breach that could have compromised e-mail addresses and passwords. more than 230,000 customers.
Without publicly disclosing information about the violation through their blog or social media account, Flightradar24 started sending emails earlier this week with a link for resetting the password, asking them to change their password.
Incomplete reference of the announcement of the data breach announced suddenly by e-mail and the provision of a unique password reset link to each user has led some customers to suspect that they were the target of a phishing attack.
However, the company later confirmed the violation by answering the questions of its customers on the official forum and on Twitter, stating that the violation notifications received by e-mail are legitimate and that neither the payment nor the payment of personal information has been compromised.
“The security breach could have compromised email addresses and hash passwords for a small subset of Flightradar24 users (those who registered before March 16, 2016),” the company said.
“We have already invalidated your old password and the link in the email will allow you to create a new password.”
The Swedish company also confirmed that the security breach was limited to one of its servers, which was closed immediately after detection of last week’s intrusion.
The company claimed that the violated passwords had been hacked, even if it did not specify the hash algorithm or was protected with a salt, which adds an extra layer of security to your words. password hashing.
To protect the accounts of its customers, in the event that some hackers are able to hack certain passwords from the list, Flightradar24 has already expired previous passwords for the affected user, forcing them to set a new password before accessing their accounts.
However, it would also be a good idea to change passwords on other online services and platforms if you share the same credentials.