- A travel monitoring software company has undergone a data violation
- The researcher discovered 10 Open Lost & Found databases
- More than 800,000 lost and found customers could be exposed
A set of data containing 820,750 recordings totaling 122 GB has been discovered online, most likely belonging to the German monitoring software company Lost & Found, which mainly serves the aviation industry.
As the security researcher revealed, Jeremiah Fowler, it was an unprotected and publicly exposed data set of 14 databases in total, 10 accessible and 4 which were restricted. In the latter, the researcher found shipping labels, lost articles and screenshots, ranging from personal electronics, wallets, bags, medical devices and other personal effects that travelers often take flights.
This is not all, however, because a number of personally identifiable documents have also been included, such as passport analyzes, driving licenses, employment documents, etc. The researcher suggests that these could be lost and uploaded by airport staff, or used to submit complaints and identify the property of lost documents.
Customers at risk
Once a disclosure notice has been sent, the databases were limited “in a few hours”. It is not yet known whether the databases were held and managed directly by Lost & Found, or if a third -party contractor was controlled. It is also not known how long the data set has been exposed, or if the threat actors have accessed the information.
Since it is possible that the information is accessible by the threat actors, this leaves anyone exposed in the risk violation. Since IDs and passports have been included, this means that the main risk is identity theft, because criminals could use these analyzes to request loans, credit cards or bank accounts.
To protect themselves against this, any person concerned can be assigned must closely monitor their account, transactions and declarations, and immediately report any suspicious activity to their bank.
At the same time, be vigilant against any social engineering attack by carefully inspecting all the unexpected communications that you receive from unknown sources – in particular those that cause action.
