Popular flight tracking site Flightradar24 has suffered a security breach that “may” have compromised the email addresses and hashed passwords of “a small subset” of users.
Users began receiving emails overnight asking them to reset their passwords, and the company later confirmed in multiple forums the emails were genuine.
“The security breach may have compromised the email addresses and hashed passwords for a small subset of Flightradar24 users (those who registered prior to March 16, 2016),” an administrator said.
“The security breach was limited to one server and it was promptly shut down once the intrusion attempt had been ascertained. An email has been sent to users with affected accounts.”
The company said that it had “no indication any personal information” or payment information was compromised, the latter because Flightradar24 “neither handles nor stores payment information”.
Flightradar24 offers premium subscription packages from US$10 ($13.54) to US$500 ($677) a year. It uses payment services such as Paypal.
The company recommended that users who received an email change their password, and that they change it on other services that may share the same login credential.
It also offered to change the registered email address of affected users, should they wish to do so.
“We would like to apologise that this breach occurred and for the inconvenience this may cause,” Flightradar24 said.
“Our team will continue our thorough internal security review of our system and processes to see what more we can do to ensure that this never happens again.”
Flightradar24 is used by aviation enthusiasts to track flight paths, telemetry and weather conditions, depending on the level of subscription used.
The service is also a useful indicator for airports that are suffering from congestion and delays worldwide as it tracks arrivals and departures.