Lion Air the Latest to Get Tripped Up by Misconfigured AWS S3

The breach, which reportedly exposed data on millions of passengers, is one of many that have resulted from organizations leaving data publicly accessible in cloud storage buckets.

A breach that reportedly exposed data on millions of passengers of two Lion Air airline subsidiaries is another example of the massive exposure that organizations face from leaving data in poorly secured cloud storage.


The breach, like hundreds of others, resulted when files containing the Indonesian airlines' passenger names, passport numbers, birth dates, home addresses, and other data were left openly accessible in an Amazon Web Services (AWS) storage bucket.


The data belonged to passengers of Malindo Air and Thai Lion Air. A Dark Web operator known as Spectre later dumped four files — two containing data from Malindo and two with data on Thai Lion Air — online, South China Morning Post (SCMP) reported this week.


Malindo Air confirmed the breach in a statement on its website but did not provide any details on the scope of the compromise. The company said it was in the midst of notifying passengers about the data compromise, while adding that no payment card details had been exposed in the incident.


"Our in house teams along with external data service providers, Amazon Web Services (AWS) and GoQuo, our e-commerce partner, are currently investigating into this breach," Malindo Air said.


The Lion Air breach is one of many involving Amazon's S3 storage service. Some of them have been massive in scope and resulted from victim organizations themselves not properly securing access to their data in S3. In other instances, the compromises have resulted fr ..
