Pegasus Airlines is a Turkey-based low-cost airline that exposed Electronic Flight Bag (EFB) data to the public including sensitive information such as source code, crew and staff data, and flight details.
A team of security researchers at SafetyDetectives have shared details of an unprotected cloud data storage discovered on February 28th, 2022. The details of the incident have only been shared this week.
According to researchers, the data belonged to a low-cost domestic and international flight operator known as Pegasus Airlines. Part of the data leak is the personal information of the airline’s flight crew, source code, and flight data. The database was left open in an AWS S3 bucket.
Details of Leaked Data
In a blog post published by SafetyDetectives, around 23 million documents were stored in the unprotected AWS S3 bucket, which equated to about 6.5TB of data. The exposed data included more than 3 million sensitive flight data files, including flight charts/revisions, pre-flight checks-related issues’ details, insurance documents, and crew shift information.
Furthermore, more than 1.6 million files contained the airline crew’s PII (personally identifiable information). This included their photos and signatures.
Pegasus Airlines’ EFB Software Leaked the Data
Reportedly, parts of the leaked data were tracked to