Lion Air has confirmed the leak of around 35 million customers’ passport details, home addresses, and phone numbers into the digital world.
Many have protested against the airline’s carelessness, claiming that the leak has rendered them more vulnerable to cybercrime and identity theft.
According to a cybersecurity researcher, passengers of Lion Air’s subsidiaries, namely Batik Air, Malaysia’s Malindo Air, and Thailand’s Thai Lion Air had their personal details stolen and posted online last month. The breach was initially discovered by a cybersecurity intelligence collective, Under the Breach, which goes by the Twitter name of @underthebreach.
Censored screenshots of Thai Lion Air’s internal data were shown in a brief Twitter thread, demonstrating the scale of the data theft.
“Hacker dumps @lionairthai’s customer and flight database. First database has 21 million records, which include passenger ID, reservation ID, customer address, phone number and email,” @underthebreach tweeted. “Second database has 14 million records, which include the name, date of birth, phone number, passport number and passport expiration date,” detailed another tweet.
Several airlines across the world have also suffered from data leakages in the past. Malindo Air spokesman Andrea Liong has encouraged their customers to change passwords as a precaution. “We are in the midst of notifying various authorities both locally and abroad, including cyber-security Malaysia. Malindo Air is also engaging with independent cybercrime consultants to investigate and report this incident,” she added.
Meanwhile, Communication and Information System Security Research Centre chairman Pratama Persadha urges the Lion Air group to immediately examine the parts of its database which require additional security, such as encryption. He strongly suggests that the airline conduct penetration tests to detect any security holes in its systems to prevent leakage and breaches in the future.
Source: The Jakarta Post, Kompas
Image: Liputan 6