Security expert uncovers customers’ data leak in Arik Air
A Security expert has uncovered a massive customers’ data leak in Arik Air, one of Nigeria’s foremost airlines, Guardian reports
According to Justin Paine, Head of Trust & Safety at Cloudflare, there is a bucket containing a large number of CSV files reportedly containing the Arik airline’s customers’ data.
The leak, which contained sensitive customer details such as device fingerprints, names, email addresses, last four digits of credit cards, and IP addresses, was discovered on September 6 by Justin Paine, the head of trust and safety at Cloudflare.
Cloudflare is one of the largest internet security and cloud network platforms in the world.
“After concluding the CSV files were very likely owned by Arik Air (or their payment processor) I immediately attempted to make contact with Arik Air to notify them of this data leak,” Paine said in a blog post he published on Tuesday.
“To say this process was challenging would be an understatement. I can confirm roughly 1 month after notice was provided that action has finally been taken to secure the S3 bucket.”
Paine said the leaked storage contained 994 CSV files, with the customers’ information collected between December 31, 2017, and March 16, 2018.
It contained 54,011 unique names, 41, 304 unique device fingerprint, 65,412 unique emails and 570, 210 unique card transactions; 437, 457 of those were made using Mastercard and 97, 713 using Visa.
Majority of the customers affected appeared to be Nigerians or based in Nigeria as most of the account used in transactions covered in the leak were domiciled in Nigeria.