Misconfigured Servers, Indonesian Lion Air Had 35 Million Customers' Data Leaked To The Internet

21/09/2019

According to a report from security firm Kaspersky Lab, roughly 35 million airline records from Lion Air were available for download on some online forums for more than a month.

Lion Air is a low-cost Indonesian airline, and also the biggest private carrier in the country. And it suffered this data breach, after a misconfigured server.

The databases that included travelers' phone numbers, passport details, and information about their flights, were first published on August 12th, 2019. After being revoked access, the hackers managed to regain entry, copy the data, and made them available for download, on September 10 and 17.

"Whoever did this must have access to the Amazon Web Services (AWS) bucket where this information was stored," network security specialists say.

Malindo Air, the joint airline created by Malaysia National Aerospace and Defense Industries (NADI) and Lion Air from Indonesia, acknowledged the incident, saying that the incident affected its Malaysian and Thai units.

Quickly after being informed, the company solved the issue, by making it servers "fully secured and any vulnerability has been corrected”.

Lion Air

The company works with Amazon Web Services Inc. and e-commerce partner GoQuo, as well as external security company to investigate the incident, with network security specialists saying that the leak was caused by poor configuration of cloud computing deployments.

This has in fact become one of the leading causes of information security incidents.

AWS buckets have default private configuration in place. But it's the customers' responsibility to secure their own servers. They are the ones that need to verify the correct implementation of any changes to this settings.

And this was where Lion Air failed.

"We are taking legal action with the authorities in Malaysia, and we're under the process of investigation," said Managing Director Lion Air Group, Daniel Putut Kuncoro Adi.

And according to Semuel Abrijani Pangerapan, the Director General of Informatics Application of the Communication and Informatics Ministry, he has met with Lion Air officials on Thursday, September 19th, and assure them that the Ministry is willing to help solve this issue.

"We've met and coordinate to get clarification from Lion Group." said Semuel.

He said that Lion Air acknowledged the issue that happened on two airlines, Malindo Air and Thai Lion Air, which are operated from Malaysia.

Airlines have become the targets of several high-profile data breaches in recent years.

Previously, hundreds of thousands of British Airways and Delta Air Lines customers had their information hacked since 2018. In October, Hong Kong's Cathay Pacific Airways disclosed that hackers accessed personal information of its 9.4 million customers, making the incident the world's biggest airline data breach at the time.

As of Lion Air, Malindo Air said that the airline doesn't store any payment details, meaning that there weren't any payment card information exposed during this incident.