Tens of millions of records belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums .

Data belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums .

The information was left exposed online on an unsecured Amazon bucket, the records were stored in two databases in a directory containing backup files mostly for Malindo Air and Thai Lion Air. The most recent backup, dated May 25, is named ‘PaymentGateway.’

The directory was created in May 2019, the databases included respectively 21 million records and 14 million records. It seems that data was circulating on exchange forums since August 10.

The directory also included a backup file for the Batik Air that is owned by Lion Air. Leaked records include passenger and reservation IDs, physical addresses, phone numbers, email addresses, names, dates of birth, phone numbers, passport numbers, and passport expiration dates.

The news of the data leak was first disclosed by BleepingComputer that reported researcher Under the Breach published samples of the leaked records.

Second database has 14 million records which include the name, date of birth, phone number, passport number and passport expiration date.



researchers, contact us for more details. pic.twitter.com/KIsTxhda7e — Under the Breach (@underthebreach) September 11, 2019

“BleepingComputer could not find an announcement from Lion Air or its subsidiary airlines about a data exposure incident.” reads the post published by BleepingComputer.

Experts noticed that data was offered on a data exchange community on August 12, then it was later secured.

Pierluigi Paganini