Lion Air let their customer back up data leaks
The shocking news came from two airlines belonging to the Lion group where more than twenty million airline customer data has been leaked in an online forum since a month ago.
This was first reported by a media focused on the discussion of ransomware and data security, BleepingComputer, Tuesday (17,9,2019). The report said that the data is spread out in two files, the first is 21 million data and the second is 14 million data.
The file contains back up data made since May 2019 for several airlines, namely Malindo Air and Thai Lion Air. In the file there is also named Batik, as you know if Batik is a subsidiary of Lion Group.
The leaked data contains sensitive information belonging to customers, ranging from information on reservoir IDs, resident cards or passenger IDs, addresses, telephone numbers, e-mails to passport numbers.
It is still no clarity when the data was first accessed, but one user who collected sensitive information from various data exchange forums published on their website the link to AWS bucket opened on August 10.
As we summarized from Detik, Wednesday (18,9,2019). According to Danang Mandala Prihantoro, the Lion Air Group Strategic Corporate Communication, they are investigating this matter, whether this is true or not.
“I have to check first, we are also checking,” Danang said when quoted from detik.com, Jakarta, Wednesday (18/09/2019).
He added that if at this time his party could not provide further responses related to this issue, at this time they were still in the checking stage. If there were developments occurs, he would provide further information.
“Yes, we are doing a check, so I can not provide more detailed information first, later if there are developments, I will check first, meanwhile first,” he concluded.
On the other hand, Amazon as a cloud service provider is reluctant to comment on this problem, they chose silence. Lion does use Amazon Web Service as a place to store the data of its passengers.
Until now it was said if the database from cloud storage is still circulating, even though it requires permission.