News

Confidential Data of Pegasus Airlines Was Exposed to the Public

Turkish low-cost airline Pegasus Airlines accidentally leaked sensitive data: personal information of crew members along with the source code of its software and flight data after the company’s IT specialists incorrectly configured the AWS bucket.

Let me remind you that we also wrote that Avionics of small planes is vulnerable to attacks with the replacement of telemetry, and also that the creation of the Chinese Comac C919 aircraft was accompanied by hacker attacks and cyber espionage.

Pegasus Airlines’ cloud data storage remained open on February 28, according to research group SafetyDetectives.

About 23 million files or 6.5 TB of data were found in the bucket, including more than three million files containing confidential flight data, such as: flight procedures and revisions; insurance documents; Detailed information about problems found during pre-flight inspections; information about crew changes.

More than 1.6 million files contained personal information about the aircraft’s crew, including photographs and signatures.

PegasusEFB’s open bucket left data including flight charts, navigation materials, and crew PII accessible to anyone. The bucket also exposed the EFB software’s source code, which contained plain-text passwords and secret keys that someone could use to tamper with extra-sensitive files.the specialists of the SafetyDetectives group said.

EFBs are information management tools designed to optimize the productivity of an airline crew by providing the necessary reference materials during the flight. SafetyDetectives suggested that attackers could gain access to very sensitive information as a result of the leak.

According to researchers, cybercriminals can spoof sensitive flight data and secret files using passwords and secret keys found in the PegasusEFB bucket. This impact could affect the safety of every passenger and crew member of Pegasus around the world. Subsidiary airlines using PegasusEFB may also be affected.

However, there are no signs that the leaked data is being used by attackers.
Notifying Pegasus Airlines on March 1, SafetyDetectives noted that the leak was fixed after about three weeks.

Reference: Founded in 1990, Pegasus Airlines is a Turkish carrier that specializes in low-cost domestic and international flights. The Turkish private equity firm Esas Holding AS owns a majority stake in the company. Pegasus is headquartered in Istanbul and generated US$620 million in revenue in 2021.

PegasusEFB, a company affiliated with Pegasus Airlines, owns the open bucket containing Pegasus’ EFB information. Several airlines use the PegasusEFB software, including Pegasus, IZair, and Air Manas according to its website.
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button