Data Security, Privacy

Over 820K airport lost and found records leaked by unsecured databases

concept of leaky software, data with a tap sticking out.3d illustration

Airports in the U.S., Canada, and Europe had 820,750 sensitive and personal records related to lost airport items and their owners exposed by more than a dozen unprotected databases belonging to German firm Lost and Found Software, Cybernews reports.

Misconfigured databases — all of which have since been secured although the duration of their exposure remains uncertain — included not only images and details of lost items, reports, and return addresses, but also payment confirmations, shipping labels, documents with personally identifiable information, and high-resolution photos of driver's licenses, passports, and employment documents, according to an investigation by cybersecurity researcher Jeremy Fowler published on Website Planet. Such leaked data could be leveraged by threat actors to facilitate identity theft attacks and phishing campaigns, noted Fowler, who also urged organizations to implement more robust authentication measures on top of a more complex database naming scheme to avert potential compromise. "Even if one or more of the databases is secured, it is clear to the criminals what type of data is stored there, and they can launch a wide range of potential attacks to gain unauthorized access," Fowler added.

You can skip this ad in 5 seconds