Posted on June 24, 2018 at 11:48 AM
Another major hacking attack has left more than 230,000 user accounts compromised after the hackers managed to gain access to Flightradar24, a large flight tracking service. The radar is capable of displaying the locations of airplanes on the map in real time, and the hack of this service represents yet another massive data breach.
Flightradar24 suffers from a security breach
According to reports, one of the biggest services regarding the flight tracking, Flightradar24, was recently hacked. The service allows tracking airplanes on the map, and it shows their location at all times. Over 230,000 users have had their accounts compromised during the attack when their passwords and emails leaked.
The company has already notified the majority of the users of the incident and has urged them to immediately change their passwords. As part of the emails that the company sent, they included links that would allow the users to reset their password. This has caused many to be suspicious since the urgency of the matter indicated that it might be a phishing attack.
The company used their Twitter account, as well as their official forum, to confirm that the breach has actually occurred and that the requests to reset passwords actually came from the company. One positive thing, according to Flightradar24, is that the attack did not compromise users personal data, or their card data.
According to the company, the leaked passwords are also protected by encryption, but the company did not specify which algorithm is being used for hashing. Still, encryptions can be broken, and the company did not want to take any chances. Because of this, they disabled all of the old passwords, which means that users can now only access their accounts through the reset link received via email.
The company also advises users to change the password on any other online service, in case that they have used the same one as the one that was stolen.
How to stay protected online?
WhiteHat Security’s senior director, Katie Carty Tierney stated that this security incident should serve as a reminder that all of the personal info is at risk at all times. This is especially true when it comes to web apps, which are basically vulnerable non-stop. She added that the companies need to start using much stronger password protection methods, but the users have a part to play in protecting themselves too.
Encrypted passwords are a good start, but the firms should not stop with the security measures just because the encryption is in place. The best practice would be to use unique passwords for each website, and the entire online community should strive towards this. The less strict our personal security is, the riskier it gets for users’ personal data.
Tierney ended by giving several tips to those looking to secure their accounts even more. The first tip is to use different passwords for each website, so that other accounts would not be compromised if one of them is hacked. The second tip is to use two-factor authentication whenever and wherever that is possible. Next, it would be best if users would only use websites with SSL. Users can check if the website is secured by checking if ‘https://’ appears at the beginning of the URL.
Finally, the last tip is to not click on links or attachments received via email or instant messages. At least unless the user is completely sure who sent the email/IM, and what the message contains. Otherwise, each click is a gamble that might have very bad consequences if the user’s luck runs out.