Turkish flight operator Pegasus Airlines suffered a data breach after an AWS cloud storage bucket was left unprotected.
Electronic Flight Bag (EFB) information including the names, surnames, phone numbers, e-mail addresses, titles, flight information of past journeys, flight locations, and photographs and signature images of some employees belonging to an unknown number of customers was stored in an open bucket.
Reportedly, around 23 million files, totaling around 6.5 TB of data, were found in the bucket.
The bucket also exposed the EFB software’s source code, which contained plain-text passwords and secret keys.
Source: https://portswigger.net/daily-swig/turkish-flight-operator-pegasus-airlines-suffers-data-breach
TPRM report: https://scoringcyber.rankiteo.com/company/pegasus-airlines
"id": "peg11417622",
"linkid": "pegasus-airlines",
"type": "Breach",
"date": "06/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Aviation',
                        'location': 'Turkey',
                        'name': 'Pegasus Airlines',
                        'type': 'Business'}],
 'attack_vector': 'Unprotected AWS Cloud Storage Bucket',
 'data_breach': {'number_of_records_exposed': '23 million files',
                 'personally_identifiable_information': ['Names',
                                                         'Surnames',
                                                         'Phone numbers',
                                                         'E-mail addresses',
                                                         'Titles',
                                                         'Flight information '
                                                         'of past journeys',
                                                         'Flight locations',
                                                         'Photographs and '
                                                         'signature images of '
                                                         'some employees'],
                 'sensitivity_of_data': 'Medium to High',
                 'type_of_data_compromised': ['Electronic Flight Bag (EFB) '
                                              'information',
                                              'Names',
                                              'Surnames',
                                              'Phone numbers',
                                              'E-mail addresses',
                                              'Titles',
                                              'Flight information of past '
                                              'journeys',
                                              'Flight locations',
                                              'Photographs and signature '
                                              'images of some employees',
                                              'EFB software’s source code',
                                              'Plain-text passwords',
                                              'Secret keys']},
 'description': 'Turkish flight operator Pegasus Airlines suffered a data '
                'breach after an AWS cloud storage bucket was left '
                'unprotected. Electronic Flight Bag (EFB) information '
                'including the names, surnames, phone numbers, e-mail '
                'addresses, titles, flight information of past journeys, '
                'flight locations, and photographs and signature images of '
                'some employees belonging to an unknown number of customers '
                'was stored in an open bucket. Reportedly around 23 million '
                'files, totaling around 6.5 TB of data were found on the '
                'bucket. The bucket also exposed the EFB software’s source '
                'code, which contained plain-text passwords and secret keys.',
 'impact': {'data_compromised': ['Electronic Flight Bag (EFB) information',
                                 'Names',
                                 'Surnames',
                                 'Phone numbers',
                                 'E-mail addresses',
                                 'Titles',
                                 'Flight information of past journeys',
                                 'Flight locations',
                                 'Photographs and signature images of some '
                                 'employees',
                                 'EFB software’s source code',
                                 'Plain-text passwords',
                                 'Secret keys'],
            'systems_affected': ['AWS Cloud Storage Bucket']},
 'title': 'Pegasus Airlines Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Misconfiguration'}