Nigerian airline, Arik suffers a major data breach. The data leak details emerged that the airline’s data were found in exposed and vulnerable Amazon S3 buckets.
This was discovered by Justin Paine, the head of trust and safety at Cloudflare, the largest internet security and cloud network platforms in the world.
According to Justin Paine in a blog post, there is a bucket containing a large number of CSV files reportedly containing the Arik airline’s customers’ data. He said the leaked bucket was discovered on September 6 and in total, he found 994 CSV files, with the customers’ information collected between December 31, 2017, and March 16, 2018.
An Amazon S3 bucket is a public cloud storage resource available in Amazon Web Services’ (AWS) Simple Storage Service (S3). The S3 is an object storage offering. The buckets, which are similar to file folders, store objects, which consist of data and its descriptive metadata. It is often used by companies, airlines and other conglomerates handling data.
The safety expert’s review showed that some of the data points leaked included customer names, email addresses, IPs registered at the time of purchases, and the hashes of credit cards used. In addition, he said, data was stored in the bucket which “appears to be last four digits of the credit card used” and what may be “the first six digits of the credit card used.”
See Also: Early Stage, Advanced Start-ups Win Big at 2018 AgriHack Pitch
The data leak also contains dates of sale, payment values, types of currency used, device fingerprints and the departing and arriving airports, he said. Also sensitive in the discovery is the inclusion of business names related to purchases made to Arik Air.
It contained 54,011 unique names, 41, 304 unique device fingerprint, 65,412 unique emails and 570, 210 unique card transactions; 437, 457 of those were made using Mastercard and 97, 713 using Visa.
Majority of the customers affected appeared to be Nigerians or based in Nigeria as most of the account used in transactions covered in the leak were domiciled in Nigeria.
Although, Paine said it’s not clear who owns the leaked data as Arik Air did not respond with any further clarification or details.
“That being said, it certainly seems likely to be a bucket controlled by Arik Air, or one of their immediate partners/processors. The fact that all of these purchases have an “acctparentbusinessname” value leads me to believe this could be a payment processor specific to businesses and/or travel agents,” he added.
“With the information included in this leak, a fraudster would have plenty of useful data points — the person’s name, email, first 6 and last 4 of the credit cards, and a hint as to what the person’s 2FA values might be so they could then focus on compromising that 2FA account (email or phone number) to take steal the users identify,” Justin explained.
More Tech Stories:
- Application Window Opens Up for Airbus’ Africa4Future Accelerator
- Ghanaian Government Currently in Search of Private Partners for Its Proposed Airline
- MFS Africa Lands Series-B Round Fund from LUN Partners Group
- Kenya, South Africa Top META Region’s ICT Growth Index
- Apple Unveils New iPad Pro, MacBook Air With Some Updated Features