An unprotected server found by a security researcher last week contained identification data of hundreds of thousands of people from the database of checking the US government terrorists and a “list of prohibited for flights”.
discovered by the Swiss hacker Arsoncrimew, a server controlled by the US National Airline Commeteair, revealed a huge amount of data from the company, including personal information about almost 1000 employees of Commeteair.
On the server in the public domain, a text file called “Nofly.csv” was found – links to the subgroup of persons in the database of terrorist checks who were forbidden to perform air travel due to suspicions or well -known ties with terrorist organizations.
There are more than 1.5 million records in the list. The data included the names and date of birth. The list also included pseudonyms, as a result of which the number of unique persons was much less than 1.5 million.
In the USA there is a list of people who are forbidden to use air transport, created decades ago. Until the attacks on September 11, 2001, this list included only 16 people. After the terrorist attacks and the creation of the US Department of Internal Security, the list has expanded quickly. The exact number of people on the list is unknown, but according to the latest estimates, it is from 47,000 to 81,000 people.
In the statement for the Daily Dot, Commeteair said that the open infrastructure, which they described as the development server, was used for testing purposes. The company also stated that the server did not provide information about customers and that the data on it was legitimate, presenting the version of the “federal list of non -letters” compiled about 4 years ago.
This is not the first leak of the closed database. In August 2021, a copy of the list of terrorists was looking for FBI was freely available for three weeks.