Flightradar24, one of the most popular flight tracking services that shows real-time aircraft information on a map based in Sweden, suffers a huge data breach in which email addresses and password hashes of the users registered prior to March 16, 2016, may have been compromised.
This week the company started sending emails to the users asking them to change their passwords after detecting a breach on one of the company’s servers. Initially when some of the users received emails with the password reset link, they thought that these mails are some phishing attempts as the company has not reported about the issue in their website or on social media.
But later the company itself confirmed that the mails were legitimate while responding to the customer’s queries on social media, forums and in their official website. They assured that neither payment details nor personal information of the users has been compromised.
Flightradar24 confirmed that the security breach happened to only one of its servers, which has been promptly shut down immediately after the intrusion was detected. They were confident that the issue has been controlled.
They claim that they hash the user passwords, however they did not mention which hashing algorithm is being used. In order to protect the accounts of the users the company have expired the previous passwords and were reset.
The company did not disclose how many of its users were affected, they just mentioned that a small subset of Flightradar24 users were affected. Since the company has more than 40 million users per month with mobile apps on Google Play and Apple Store, even a small subset could result to a huge number.
To be on the safer side it is advised to change your passwords on other online services and platforms as well, if you are using the same credentials.