Security breach email

  • Security breach email

    Hi!

    I have got this email:

    Dear Flightradar24 user,

    I regret to inform you that late last week we identified a security breach that may have compromised the email addresses and hashed passwords (see explanation below) for a small subset of Flightradar24 users (those who registered prior to March 16, 2016), including you.


    Is it yours?


    Thx,
    federbear.
    T-ENGM162 ex T-ENHA4, T-ENGM86, T-LHBP22

    My photos - Planespotters
    My photos - Jetphotos

  • #2
    Originally posted by federbear
    Hi!

    I have got this email:

    Dear Flightradar24 user,

    I regret to inform you that late last week we identified a security breach that may have compromised the email addresses and hashed passwords (see explanation below) for a small subset of Flightradar24 users (those who registered prior to March 16, 2016), including you.


    Is it yours?


    Thx,
    federbear.
    Lots of us got the same mail. I think FR24 should give us some more info. Like what hashing method they used on passwords (salted?). Also, why is a 2 year outdated user database online?



    • #3
      As it came from an address I didn't recognise (FR24.com) I've sent them a query to verify it is genuine. I also didn't like the look of the link it asked me to click on to reset password (which I haven't as yet).



      • #4
        Originally posted by Stealth
        As it came from an address I didn't recognise (FR24.com) I've sent them a query to verify it is genuine. I also didn't like the look of the link it asked me to click on to reset password (which I haven't as yet).
        This address u708499.ct.sendgrid.net/ is suspicious. I thought immediately of a data phishing link, because it is not an FR24 site. Plus I do not like to click a link from an email that would lead to a site changing password anyway.

        So it is still an open question, and I hope they answer it as soon as possible.
        T-ENGM162 ex T-ENHA4, T-ENGM86, T-LHBP22

        My photos - Planespotters
        My photos - Jetphotos



        • #5
          The host from which the e-mail was sent resolves to o1.post.flightradar24.com, chances are that it is legit.
          It is odd that there is no message from FR24 on twitter, facebook, etc. in this regard. Also no blog entry about this on the fr24 webpage.

          Edit: Just saw it in the comments on facebook/fr24 that the mail is legitimate.
          Last edited by helios; 2018-06-19, 07:20.
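
The two checks discussed in #4 and #5 (where the reset link points, and what the sending host resolves to), written out as an added example; it is not code from any poster or from Flightradar24. The IP addresses, DNS records, URL schemes and the trusted-domain list are constructed for illustration, and the reverse-DNS check is forward-confirmed, because a PTR record on its own is set by whoever controls the IP address.

```python
from urllib.parse import urlsplit

# Assumption: these two domains (both appear in the thread) belong to the sender.
TRUSTED = ("flightradar24.com", "fr24.com")

# Constructed DNS data on documentation IP ranges, standing in for live lookups.
PTR = {"192.0.2.10": "o1.post.flightradar24.com",
       "198.51.100.7": "mail.flightradar24.com"}   # PTR name chosen by the IP owner
A = {"o1.post.flightradar24.com": {"192.0.2.10"},
     "mail.flightradar24.com": {"203.0.113.5"}}    # forward record points elsewhere

def under_trusted(host):
    """True only for a trusted domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def fcrdns(ip, ptr=PTR, a=A):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the IP."""
    name = ptr.get(ip)
    if name is None or ip not in a.get(name, set()):
        return None
    return name

def check_sender(ip):
    name = fcrdns(ip)
    if name is None:
        return "unconfirmed"
    return "trusted-domain" if under_trusted(name) else "other-domain"

def check_link(url):
    """Classify a link by its host; mail-provider tracking hosts land in third-party."""
    host = urlsplit(url).hostname or ""
    return "trusted-domain" if under_trusted(host) else "third-party:" + host

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, check_sender(ip))
    for url in ("https://u708499.ct.sendgrid.net/",
                "https://www.flightradar24.com/",
                "https://flightradar24.com.example.net/reset"):
        print(url, check_link(url))
```

A third-party result does not by itself mean the message is forged; it means the link cannot be tied to the sender's domain, which is the case for typing the site address by hand.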



          • #6
            Originally posted by helios
            The host from which the e-mail was sent resolves to o1.post.flightradar24.com, chances are that it is legit.
            It is odd that there is no message from FR24 on twitter, facebook, etc. in this regard. Also no entry about this on the fr24 webpage.

            Edit: Just saw it in the comments on facebook/fr24 that the mail is legitimate.
            Thx, I'll share it.
            T-ENGM162 ex T-ENHA4, T-ENGM86, T-LHBP22

            My photos - Planespotters
            My photos - Jetphotos



            • #7
              It's in the news (German):
              https://www.heise.de/security/meldun...t-4084911.html



              • #8
                Originally posted by federbear
                Hi!

                I have got this email:

                Dear Flightradar24 user,

                I regret to inform you that late last week we identified a security breach that may have compromised the email addresses and hashed passwords (see explanation below) for a small subset of Flightradar24 users (those who registered prior to March 16, 2016), including you.


                Is it yours?


                Thx,
                federbear.
                Yes, this is a genuine email from us. Please go ahead with changing your password.
                --



                • #9
                  We can confirm that the email some of our users received in regards to a security breach has been sent by us. The security breach may have compromised the email addresses and hashed passwords for a small subset of Flightradar24 users (those who registered prior to March 16, 2016).

                  We would like to apologize that this breach occurred and for the inconvenience this may cause. We would also like to stress that we have no indication that any personal information was compromised.

                  The security breach was limited to one server and it was promptly shut down once the intrusion attempt had been ascertained. An email has been sent to users with affected accounts.

                  Please note that no payment information has been compromised. Flightradar24 neither handles nor stores payment information.

                  We recommend changing the password for your FR24 account. In case you've used the same password anywhere else, we strongly suggest you update it there as well.

                  If you'd also like to change the email address of your Flightradar24 account, please email us via support@fr24.com providing both the old and the new email addresses. Also, it's possible to change the password directly via our website if you prefer.

                  Please accept our sincere apologies for any inconveniences caused. Our team will continue our thorough internal security review of our system and processes to see what more we can do to ensure that this never happens again.
                  Flightradar24.com Support



                  • #10
                    I got this email also, but thought it was a phishing email at first.
                    Might I suggest to the staff that send these emails that they do not include a clickable link, instead requesting users go to the Flightradar24 website, log in and change the password like that manually.
                    Most banks do this nowadays.
                    Have changed my password now. Does this include the Forum accounts or just the main FR24 website accounts?



                    • #11
                      I also got this mail, and thought it was phishing. And also do not use a link in an email.
                      But over my Premium account, changed my password.
                      Safest way!
                      But found out that email was original from FR24.

                      Better being safe than sorry...
                      Last edited by delcomp; 2018-06-20, 07:29.
                      (F-EDLE1)delcomp-DEL-David Tks(My friend Mike, all three of them)

                      URL: http://banner.flightdiary.net/EDLM
                      1090SJ(Ae) /(6m. Ecoflex10) / SBS 3 /-FR24 Box/ Power-line Connection (Ethernet)



                      • #12
                        Does this affect people who log in using Google? I guess not?
                        T-EDDS235



                        • #13
                          No, the only people that are potentially affected have been emailed. Those who didn't receive the email are in the clear. Also, please note that forum accounts are not affected.
                          --



                          • #14
                            Approximately how many accounts is "a small subset of Flightradar24 users"?

                            Thousands? Tens of thousands? Hundreds of thousands?



                            • #15
                              Originally posted by DontBreachMebro
                              Approximately how many accounts is "a small subset of Flightradar24 users"?
                              I've seen one report quoting 230,000. But this needs to be verified.

                              https://thehackernews.com/2018/06/fl...ta-breach.html
                              Mike


                              www.radarspotting.com

                              Radarspotting since 2005
