Malindo Air will hire an independent cybersecurity firm to do a full forensic analysis into the nature of the leak. File Photo
KUCHING: Malindo Air has today confirmed that they have suffered a massive data breach which could have exposed the personal data of millions of its passengers, including their passport details, home addresses and phone numbers, a news report said.
Its Chief Executive Officer Chandran Rama Muthy told South China Morning Post (SCMP) that the airline has launched a probe into the breach and had notified the Malaysian Communications and Multimedia Commission (MCMC) on Tuesday.
“We found out about this breach last week. We and a third party vendor are checking as we speak, and will come up with a statement soon. We will advise passengers accordingly as per the investigation outcome,” he said in the news report, adding it was still not known how many passengers’ details had been leaked.
Chandran said that Malindo Air would also be hiring an independent cybersecurity firm to do a full forensic analysis into the nature of the leak.
The files of passengers who flew with Thai Lion Air and Malindo Air, subsidiaries of Lion Air, were uploaded and stored in an open Amazon Web Services bucket, a public cloud storage resource, SCMP said.
It added that the files – titled “Passenger Details” or “Passengers” – contain full names, home addresses, email addresses, dates of birth, phone numbers, passport numbers and expiration dates.
“Four files, two belonging to Malindo Airlines and two belonging to Thai Lion Air, were dumped online by a figure known as Spectre, who operates a darkweb site that publishes download links for leaked data and hacked databases.
“There were also references to Batik Air, a third Lion Air subsidiary based in Jakarta,” the news report said.
The data was dumped in groups on instant messaging service Telegram, as well as on cloud storage and file-hosting services such as mega.nz and openload.cc, which still contain an active link to these databases.