Tens of millions of documents from clients of two Lion Air-owned airlines have been circulating for at least a month at information exchange forums. The information was stored in a web-open Amazon bucket.
The documents are available in a folder containing backup files mostly designed for Malindo Air and Thai Lion Air in May 2019, one with 21 million records and the other with 14 millions records.
Batik Air, an airline whose parent organisation is Lion Air, has a further backup file.
Sensitive private data disclosed
Details leaked include passenger and booking identifications, physical addresses, phone numbers, e-mail addresses, birth dates, telephone numbers, passport numbers and expiration dates.
We could not discover a information exposure incident announcement from Lion Air or its subsidiary airlines.
Researchers Under the Breach released samples of both databases to mask the passenger’s private information
For at least a month, data circulating
When data is first accessed, it is uncertain, but a user gathers delicate information from different forums released on the website and links it to the open AWS bucket on August 10.
Spectre informed that after the publication of the AWS bucket URL, the dumping of the two databases started on various forums.
On 12 August, someone provided it to a fairly renowned information exchange group and the bucket was secured some time later.
However, two cloud storage databases are still in circulation on request. The BleepingComputer saw the open directory index and noticed that the most recent backup files of 25 May named’ PaymentGateway’ included a reference to the Company’s loyalty award program, as well as the GoQuo online booking service which offers customer analytics solutions.
The backup file contents did not have access, but only the names of the entries indicate that extremely sensitive data has been exposed and can be accessed by unauthorized people.
The combination of private information, which has already been transformed into transparent texts, is a Privacy Risk for its holders and highly likely to be used for economic gain by threats actors.