Originally, the No Fly List was obtained by Swiss hacker Maia Arson Crimew from an unsecured cloud server owned by the Ohio-based airline, CommuteAir, a United Express carrier.
In a major security breach, the U.S. No Fly List, a database of individuals who are barred from boarding commercial airlines due to security concerns, has been leaked on a hacker forum.
The database contains the personal details of over 1.8 million individuals, which is now available on Breach Forums, a hacker and cybercrime forum that surfaced as an alternative to the popular and now-seized Raidforums
Breach is the same forum where the database of the FBI’s security platform InfraGard was initially sold and then leaked in December 2022.
The leak includes the full names and dates of birth of 1,817,233 individuals on the No-Fly List with suspected or known ties to terrorist organizations.
It is worth noting that as reported by Hackread.com on January 23rd 2023, originally, the No Fly List was obtained by Swiss hacker Maia Arson Crimew from an unsecured cloud server run by the Ohio-based airline, CommuteAir, a United Express carrier.
It is unclear who leaked the database on the hacker forum since Crimew only shared the database with the non-profit whistleblower site DDoSecrets. The organisation only allowed journalists and researchers to access the data on request due to the presence of Personally identifiable information (PII).
The FBI and DHS have yet to release a statement; however, the Transportation Security Administration (TSA) is reportedly investigating the leak.
The leak of the No Fly List should not be a jaw-dropper, as in August 2021, the US government’s secret terrorist watchlist with 2 million records was exposed online. However, the watchlist was exposed on a misconfigured server hosted on a Bahrain IP address instead of a US one.
The No Fly List has been a controversial issue for years, with many individuals and civil liberties groups claiming that it is flawed and that some individuals on the list have been wrongly included. This latest breach raises serious concerns about the security and privacy of the No Fly List and the government’s ability to protect sensitive information.
This incident highlights the ongoing threat of cybercrime and the need for organizations and government agencies to increase their cybersecurity measures to protect sensitive information and prevent data breaches.