Cyber Incident Victim: Flightradar24

In June 2018, Flightradar24 detected a security breach affecting users who registered accounts before March 16, 2016. The incident, identified in late June, involved unauthorized access to one server that stored email addresses and hashed passwords for a subset of older user accounts. The company promptly shut down the compromised server upon discovering the intrusion attempt. Flightradar24 notified impacted users via email, advising them to reset their passwords and warning against password reuse on other platforms. Some recipients initially suspected the notification was a phishing scam due to its inclusion of a password reset link, prompting company representatives to confirm the breach’s legitimacy through official forums. A staff member named Olga clarified that the breach was confined to a single server and emphasized there was no evidence of compromise to personal information beyond email addresses and hashed credentials.

The breach did not expose payment data, as Flightradar24 did not store such information. The company’s response focused on mitigating risks by instructing affected users to change their passwords immediately, particularly if they had reused credentials elsewhere. This precaution was highlighted as critical given the likelihood that aviation professionals—a key user group—might access sensitive industry systems with similar passwords. Flightradar24’s public communications stressed the limited scope of the incident but underscored the broader security implications of credential reuse. No further technical details about the attack vector or the identity of the threat actors were disclosed in the available information. The incident underscored operational risks associated with legacy user data and reinforced standard breach response protocols, including server isolation and user notification.