Jump to content

Precaución: posible fuga de datos en Flight1.com


BRISAFRESCA

Recommended Posts

Navegando por reddit encontré un tema acerca de que un usuario fue notificado por Avast de que su cuenta en flight1 se encuentra en peligro y no solo la de él sino la de todos los clientes, que podría haber una posible fuga de datos de emails y contraseñas la cual no se sabe cuando ocurrió.

 

Aun no hay ningún comunicado oficial de Flight1 al respecto.

 

Es recomendado cambiar la contraseña y estad atentos de los emails no sea que uno de ellos sea una campaña de phising.

 

Saludos

 

https://www.reddit.com/r/flightsim/comments/d02e9j/potential_flight1_data_breach_change_your/

 

https://www.avast.com/hackcheck/leaks

 

Quote

Flight1.com 4 September 2019 152.482 accounts affected

 

At an unconfirmed date, flight simulator software Flight1.com's database was allegedly breached. The stolen data contains passwords and email addresses. This breach is being privately shared on the internet.

 

 

Link to comment
Share on other sites

me acaba de llegar al email:

 

Quote

(Please do not reply to this email as this mailbox is not monitored)

Important Information:

Yesterday, September 5, 2019, Flight1 was notified that some of our customer data was found on the internet. We are posting what we have discovered.

First, Flight1 is a data-minimum company. We do not store more data than what is required to provide our service and we do not use data for marketing purposes. We do not store credit card numbers with the exception of the last 4 digits so you can inquire about a sale. Credit card expiration dates and CCV verification numbers are NOT stored. Card processing data is passed directly to the processing gateway and is not retained in our database. All flight1.com account passwords are stored as secure 1-way hash codes using an advanced algorithm. Please see our terms of service page for more details on our data policies.

What was discovered:

An audit was completed and does not show any active exploit on our server or database. We have examined our server logs going back a full year. Discovered during the audit was a script (for viewing information on a product) where logs showed there were attempts to retrieve data using an automated bot. We believe this is where some data may have been leaked. Not all current accounts were affected and yours may not have been affected. That version of the script is no longer in use and has not been in use for months. In auditing the current version of the script no vulnerabilities were found (also verified in current logs).

What you should do:

Due to the strong 1-way hashing used we do not believe it is necessary for you to change your passwords, but you are welcome to do so. Flight1 recommends you always be vigilant on the Internet. Be aware of email phishing attempts. Flight1 NEVER sends unsolicited emails asking you to log in to our site, or ask for any payment information via email..

In Summary:

Whether you have been a customer of ours for 20+ years or are a new customer, know that security is always at the top of our list and will remain so. Thank you for your support and please feel free to contact us.

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

Some pretty cookies are used in this website