Arik Air not aware of data leak – Spokesman
PHOTO: Arik Air
Arik Air has said it was not aware that the data of its customers leaked online.
An internet security expert Justin Paine said he discovered the breach during a random scan “for open/exposed/vulnerable Amazon S3 buckets” on September 6.
Paine, who is the head of trust and safety at Cloudflare, said his attempt to alert the company to the exposed data was not acknowledged until September 24.
But the airline in an emailed statement sent to The Guardian said it was not using “Amazon S3 bucket” for its hosting services.
“Our online platforms are up and running and not under attack,” said Arik Air’s spokesman Ola Adebanji.
“Arik Air takes IT security and protection of customer data seriously.”
When asked if the Arik Air ever used Amazon Web Service for its hosting, Adabanji replied, ‘I don’t think so.”
Although Paine initially acknowledged that it was not totally clear who the owner of “this data is as Arik Air didn’t reply” with any further details, he doubled down on his belief that it is “a bucket controlled by Arik Air or one of their immediate partners/processors.”
Paine said the leaked storage contained 994 CSV files, with the customers’ information collected between December 31, 2017, and March 16, 2018.
It contained 54,011 unique names, 41, 304 unique device fingerprint, 65,412 unique emails and 570, 210 unique card transactions; 437, 457 of those were made using Mastercard and 97, 713 using Visa.
Majority of the customers affected appeared to be Nigerians or based in Nigeria as most of the account used in transactions covered in the leak were domiciled in Nigeria.
He said the breach was only acknowledged in an email sent to him on September 24, 18 days after he first made contact with Arik Air via its Facebook page.
He also noted the breach was fixed sometime after he received the email.
Set up in 2006, Arik Air was a privately-owned business before it was taken over by the Nigerian government in 2017 after failing to repay its $429 million debts.
A spokesman for the Asset Management Corporation of Nigeria (AMCON), which now manages the company, said AMCON took “over the management of Arik because the whole place is in a mess.”
Related
Get the latest news delivered straight to your inbox every day of the week. Stay informed with the Guardian’s leading coverage of Nigerian and world news, business, technology and sports.
0 Comments
We will review and take appropriate action.