One of the world's most popular flight tracking services Flightradar24, which shows real-time aircraft flight information on a map, has suffered a massive data breach that may have compromised email addresses and hashed passwords for more than 230,000 customers.

Without revealing any information about the breach publically via their blog or social media accounts, Flightradar24 started sending out emails earlier this week with a password reset link, asking them to change their passwords.

The incomplete reference to suddenly announced data breach incident via emails and providing a unique password reset link to each user caused some customers to suspect that they have been a target of a phishing attack.
However, later the company confirmed the breach while responding to its customers' queries on the official forum and Twitter, saying that the breach notifications they have received via emails are legitimate and that neither payment nor personal information has been compromised.
"The security breach may have compromised the email addresses and hashed passwords for a small subset of Flightradar24 users (those who registered prior to March 16, 2016)," the company said.
"We have already invalidated your old password and the link in the email will allow you to create a new password."
The Swedish-based company also confirmed that the security breach was limited to only one of its servers, which has been shut down immediately after the intrusion was detected late last week.
🔐 Mastering API Security: Understanding Your True Attack Surface

Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!

Join the Session

The company claimed that the breached passwords were hashed, though it did not specify the hashing algorithm or if they were protected using a salt, which adds an extra layer of security to your hashed passwords.

To protect accounts of its customers, in case hackers manage to crack some passwords from the list, Flightradar24 has already expired previous passwords for the affected user, forcing them to set a new password before accessing their accounts.

However, it would also be a great idea to change your passwords on other online services and platforms as well, if you share the same credentials.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.