Can someone direct me as to how I can delete my account with FA?
Contact FA via email or chat and make your request.
Two days ago all my FlightAware devices were logged out and I was required to change my password before logging in again.
Yesterday, I received an email from FlightAware advising me there had been a security breach and all the identity and personal details were exposed.
As @anon20935850 is the only other user to mention it do I assume that not many are affected?
Anyone else affected?
S
You either got a different email, or didn’t quite read it correctly
“potentially involves your personal information”
Is different to your details were exposed.
Hi,
Thursday when logging in I was requested to reset my password. The online notice said additional info had been sent separately by e-mail. I had no such notice received, and yes, I checked spam.
I did the standard checks all around the official FA info locations such as their discussions, news, blog, and even their announcements section. There was zero official info there to be found.
I reset the password and everything was fine.
After seeing the single message here today, I did a quick online search for “FlightAware data breach” and found discussions on other sites with the e-mail supposedly sent out by FA.
I just now received that “official” FA e-mail, which has a sent time of about 13 hours ago. It looks like their outgoing e-mail server was backed up big time today.
None of that explains the complete lack of any official FA announcement or news of this on the actual FA web site, which is where most people would go to look for official info on something like this.
Personally, I have very little info connected with my FA site. I use complex passwords that are never duplicated between sites.
Regards,
-Dan
Potentially all FA Users can be affected. That’s what the mail stated.
Therefore as a precaution it is required for all users to take action.
Change the password and it’s all done from your end. The forced log out and password change was a consequence of the potential data breach FA has detected to avoid that the exposed data can be used by others.
All required information for customers was stated in that mail which was sent.
Global security announced the indictment of an Iranian National smuggling plane parts out of The States to Iran. Wondering the breach announcement only was made after the DOJ announced the Iranian’s indictment.
I got the mail requesting to reset the password as well (not the letter that my account has been breached), changed the password and that was it.
I’d rather have them changing passwords as a precaution than leaving it as it is.
I deal with this kind of stuff daily at work so I don’t think this is an issue but a safety measure.
If you want to know if your credentials are vulnerable you could consult this website that has a big collection of breached accounts all over the internet:
I got the e-mail this morning.
Hello,
FlightAware respects the privacy of your personal information and takes the security of that information seriously. We write to let you know about a data security incident that potentially involves your personal information and out of an abundance of caution, we are requiring you to reset your password. Upon your next log-in to FlightAware, you will be prompted to reset your password or, for your convenience, you may use the following link (Reset Password - FlightAware).
What Happened?
On July 25, 2024, we discovered a configuration error that may have inadvertently exposed your personal information in your FlightAware account, including user ID, password, and email address. Depending on the information you provided, the information may also have included your full name, billing address, shipping address, IP address, social media accounts, telephone numbers, year of birth, last four digits of your credit card number, information about aircraft owned, industry, title, pilot status (yes/no), and your account activity (such as flights viewed and comments posted).
What We Are Doing?
FlightAware values your privacy and deeply regrets that this incident occurred. Once we discovered the exposure, we immediately remedied the configuration error. Out of an abundance of caution, we are also requiring all potentially impacted users to reset their password.
Please note that this notification was not delayed as a result of a law enforcement investigation.
What Other Steps Can You Take?
If there is anything FlightAware can do to further assist you, please email our Customer Support Center at privacy@flightaware.com or write to FlightAware - Attn:  Privacy, 11 Greenway Plaza, Suite 2900, Houston, TX 77046.
Sincerely,
Matt Davis,
President and General Manager
FlightAware, Inc.
I received no email - I just couldn’t log in.
I was busy, so only just got around to creating a new password.
Does anyone actually enter their “real” details?
The email does not say if it is the plain text version of the password that may have been exposed. I hope not!
For re-assurance FA need to clarify this and explain how passwords were encrypted.
This is exactly my concern. I emailed support asking if plaintext passwords were exposed or just hashes. I hope they weren’t storing plaintext passwords…
Yep me too.
A breach is bad enough but taking weeks to tell us. Unforgivable. I’m absolutely livid - doubly so seeing as others received this email days ago and mine arrived today.
If anyone could tell me how to uninstall the feed software (installed via the linux script) that would be appreciated.
EDIT: Removed with the usual sudo systemctl remove piaware - don’t forget to remove their repository too.
I hope FA goes bust. They seem to have NO CONSIDERATION for user security.
Thought we were doing something good for the community and for FA. This is shabby and I hope the UK ICO destroys them with punitive fines.
Splitting hairs. Barely a difference. You may not value the integrity of your data but the rest of us can and do.
Given you have received no substantive details, I have no way of establishing how you can conclude that you “don’t think this is an issue”.
It’s an issue for me unless and until I know exactly what happened.
I’ve checked the account I’m using and concluded that my information hasn’t been compromised and that the data I have in that account isn’t posted online.
This specific account was hit in 2012 during another data breach and has undergone multiple password changes since that.
Same goes for this notification, the password has been changed and that is sufficient for now.
I never post any financial information in any account so that makes it less attractive to misuse it.
What powers does the UK ICO have over an entity registered in Texas, USA? Do they have a UK presence?
Likewise.
My associated data has previously featured on at least 4 other data drops it seems. However Google Analytics and McDonald’s advertising partners probably know more about me.
We should be thankful it triggered a forced change I guess. Unlike advising optional change and leaving at that. I’m dealing with accounts being logged into and posting spam elsewhere from a recent re-publication of data harvested between 2016-2018 and the names+pw combos are still apparently valid.
They can fine them up to x% of global turnover and yes, they do - they must be registered with the ICO to process UK PII.
They can be found on the register here: https://ico.org.uk/ESDWebPages/Entry/ZA554616
Fair play Tom. Must confess I think I’m good too but it’s not the point for me. It’s taken them nearly a month to fess up when it’s us doing them a favour by sharing our feeds - which makes it pretty outrageous to me.
That they’ve then staggered these notification emails over god-knows how long makes it worse.
Never again will I freely give this company anything - once trust is broken it can’t be restored.