Without revealing any information about the breach publicly via its blog or social media accounts, Flightradar24 started sending out emails earlier this week with a password reset link, asking users to change their passwords.
The emails' incomplete reference to a suddenly announced data breach, combined with a unique password reset link for each user, caused some customers to suspect that they had been the target of a phishing attack.
forum and Twitter, saying that the breach notifications they have received via emails are legitimate and that neither payment nor personal information has been compromised.
"The security breach may have compromised the email addresses and hashed passwords for a small subset of Flightradar24 users (those who registered prior to March 16, 2016)," the company said.
"We have already invalidated your old password and the link in the email will allow you to create a new password."
The Sweden-based company also confirmed that the security breach was limited to only one of its servers, which was shut down immediately after the intrusion was detected late last week.
The company claimed that the breached passwords were hashed, though it did not specify the hashing algorithm or if they were protected using a salt, which adds an extra layer of security to your hashed passwords.
To protect its customers' accounts in case hackers manage to crack some passwords from the list, Flightradar24 has already expired the previous passwords of the affected users, forcing them to set a new password before accessing their accounts.
However, it would also be a great idea to change your passwords on other online services and platforms as well, if you share the same credentials.
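An added sketch (not Flightradar24's code; the company did not disclose its hashing scheme) of the two defensive steps described above: per-account salted password hashing, and expiring a password behind a single-use reset token. The function names, record layout and PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this sketch


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn per account."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def new_account(password):
    salt, digest = hash_password(password)
    return {"salt": salt, "hash": digest, "reset_token_hash": None}


def verify(account, password):
    if account["hash"] is None:  # password expired: no login until reset
        return False
    _, digest = hash_password(password, account["salt"])
    return hmac.compare_digest(digest, account["hash"])


def expire_password(account):
    """Invalidate the stored hash and return a single-use reset token."""
    token = secrets.token_urlsafe(32)
    account["hash"] = None
    # Only a hash of the token is stored, so a copy of this record
    # does not contain a usable reset link.
    account["reset_token_hash"] = hashlib.sha256(token.encode()).digest()
    return token  # placed in the e-mailed link only


def redeem_reset(account, token, new_password):
    stored = account["reset_token_hash"]
    offered = hashlib.sha256(token.encode()).digest()
    if stored is None or not hmac.compare_digest(stored, offered):
        return False
    account["salt"], account["hash"] = hash_password(new_password)
    account["reset_token_hash"] = None  # the token cannot be replayed
    return True
```

Because each account gets its own salt, two users with the same password end up with different stored hashes, so one precomputed table or one cracked hash does not expose every account that shares that password.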