A budget Turkish airline has misconfigured an AWS bucket, resulting in the exposure of flight and source code data, alongside the personal information of crew members.
A research team in the employ of SafetyDetectives discovered the cloud data trove was publicly available on February 28. Some of the information was traced back to Electronic Flight Bag (EFB) software developed by Pegasus Airlines.
An EFB is an information management tool designed to aid in the productivity of flight crew by providing reference materials for their flights.
6.5TB of data was leaked, equating to roughly 23 million files. 3 million of said files contained sensitive data such as flight charts and revisions, insurance documents and information on crew shifts.
More than 1.6 million files contained personally identifiable information (PII) on airline crew, including photos and signatures.
Source code from Pegasus’s EFB software was also discovered, including plain text passwords and secret keys.