"Air France-KLM Data Leak Left Customer Information Vulnerable to Scrapers"
According to the Dutch public news organization NOS, together with security researcher Benjamin Broersma, some of the private data belonging to KLM and Air France passengers was easy to obtain. Hyperlinks to flight information were not long or varied enough, which made large-scale collection of other customers' data possible. NOS and Broersma tested whether private data could be obtained by modifying a hyperlink sent by KLM via text message. Anyone who wanted to receive flight information from KLM via text message was given a six-character link. A malicious actor could have automatically tested all possible combinations of these characters. A valid link turned up once every 100 to 200 attempts. According to NOS, editing and deleting passport and visa information appeared to be possible, but this was not tested. After more than five hours, KLM blocked the IP addresses used to investigate the exploit. Since then, the airline has added a login screen to ensure that no one else's flight information is accessed. This article continues to discuss the Air France-KLM data leak.
Techzine reports "Air France-KLM Data Leak Left Customer Information Vulnerable to Scrapers"
Submitted by grigby1
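
A defender-side sketch of how the link probing described above shows up in web logs, added here as an example and not taken from NOS, Techzine or KLM: it flags clients that request many distinct short-link tokens and almost always miss. The `/t/<token>` path, the log layout, the thresholds and every sample line are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed layout: combined-log-style line with a hypothetical /t/<6-char token> path.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"GET /t/(?P<token>[A-Za-z0-9]{6}) HTTP/[\d.]+" (?P<status>\d{3})'
)

def build_sample():
    """Constructed log lines (documentation IP ranges, made-up tokens)."""
    fmt = '{ip} - - [01/Jan/2024:10:00:{s:02d} +0000] "GET /t/{tok} HTTP/1.1" {st} 512'
    lines = []
    # One client walking the token space: 150 distinct tokens, a single hit.
    for i in range(150):
        status = 200 if i == 120 else 404
        lines.append(fmt.format(ip="198.51.100.7", s=i % 60, tok=f"a{i:05d}", st=status))
    # A customer opening their own link several times.
    for i in range(4):
        lines.append(fmt.format(ip="203.0.113.20", s=i, tok="Zk3p9Q", st=200))
    # A customer who mistyped the link once, then got it right.
    lines.append(fmt.format(ip="203.0.113.21", s=1, tok="Qw8rT1", st=404))
    lines.append(fmt.format(ip="203.0.113.21", s=9, tok="Qw8rTl", st=200))
    return lines

def find_enumerators(lines, min_tokens=20, min_miss_ratio=0.9):
    """Return {ip: (distinct_tokens, miss_ratio)} for clients probing tokens."""
    stats = defaultdict(lambda: {"tokens": set(), "miss": 0, "total": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated request or unparseable line
        s = stats[m["ip"]]
        s["tokens"].add(m["token"])
        s["total"] += 1
        if m["status"] == "404":
            s["miss"] += 1
    flagged = {}
    for ip, s in stats.items():
        ratio = s["miss"] / s["total"]
        # Many different tokens AND nearly all invalid: guessing, not normal use.
        if len(s["tokens"]) >= min_tokens and ratio >= min_miss_ratio:
            flagged[ip] = (len(s["tokens"]), round(ratio, 3))
    return flagged

if __name__ == "__main__":
    for ip, (tokens, ratio) in find_enumerators(build_sample()).items():
        print(f"{ip}: {tokens} distinct tokens, {ratio:.1%} misses")
```

Per-address counting only catches probing from a single source; the login screen the airline added removes the guessable link as the sole credential.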