Cyber attacks are being executed at a large scale these days, and mostly the organizations that deals in handling the Personal Identifiable Information of their users are at the receiving end. Once the data is exposed on the dark web or sold to a malicious individual/group, that data may keep on re-occurring on dark web forums/markets.
As part of our daily monitoring, Cyble researchers noted a threat actor sharing leaked data of Airlink International UAE for free on two different platforms.
“Established in 1976, Airlink International U.A.E. has been set up to be a one-stop company for any travel and logistics requirement. With 200+ employees, around $250 million revenue (Source) and PII of 1000s of customers, Airlink U.A.E becomes a target for malicious actors”
The data leak was due to a misconfigured server which lead to exposure of 60 directories having approximately 5,000 files each; The leak was reported on May 30, 2020 which was not covered at a large scale. Now, another threat actor is trying to gain fame using the opportunity and sharing the data (14 folders and 53,555 files) for free on multiple dark web forums.
The files are divided into below mentioned categories–
- Passport scans
- Flight bookings
- Hotel bookings
- Email communications between Airlink International Group employees and customers
- Insurance policy for international travel
Cyble recommends every organization to include the steps in their checklist of secure configuration –
- Configure server to prevent unauthorized access, directory listing
- Review old backup and unreferenced files for sensitive information
- Test file permissions
- Enumeration of infrastructure and application administrator interfaces
- Consider running scans and doing audits periodically to help detect future misconfigurations or missing patches
About Cyble
Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.io.   Â