Pegasus Airlines

Turkish flight operator Pegasus Airlines suffered a data breach after an AWS cloud storage bucket was left unprotected.

Electronic Flight Bag (EFB) information including the names, surnames, phone numbers, e-mail addresses, titles, flight information of past journeys, flight locations, and photographs and signature images of some employees belonging to an unknown number of customers was stored in an open bucket.

Reportedly around 23 million files, totaling around 6.5 TB of data were found on the bucket.

The bucket also exposed the EFB software’s source code, which contained plain-text passwords and secret keys.

Source: https://portswigger.net/daily-swig/turkish-flight-operator-pegasus-airlines-suffers-data-breach

"id": "PEG11417622",
"linkid": "pegasus-airlines",
"type": "Breach",
"date": "06/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"