• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

United Natural Foods Expects $400M revenue impact from June cyber attack

 | 

Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity

 | 

UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations

 | 

Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)

 | 

Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

 | 

Former US Army member confesses to Telecom hack and extortion conspiracy

 | 

CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025

 | 

DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault

 | 

U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog

 | 

Android Malware Konfety evolves with ZIP manipulation and dynamic loading

 | 

Belk hit by May cyberattack: DragonForce stole 150GB of data

 | 

North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

 | 

FBI seized multiple piracy sites distributing pirated video games

 | 

An attacker using a $500 radio setup could potentially trigger train brake failures or derailments from a distance

 | 

Interlock ransomware group deploys new PHP-based RAT via FileFix

 | 

Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

 | 

Experts uncover critical flaws in Kigen eSIM technology affecting billions

 | 

Spain awarded €12.3 million in contracts to Huawei

 | 

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

 | 

Wing FTP Server flaw actively exploited shortly after technical details were made public

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Data Breach
  • Canadian Flair Airlines left user data leaking for months

Canadian Flair Airlines left user data leaking for months

Pierluigi Paganini September 26, 2023

Researchers discovered that Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months

Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months, the Cybernews research team has discovered. This increases the risk of passengers’ personal information, such as emails, names, or addresses, ending up in the wrong hands.

The leak consisted of publicly accessible environment files hosted on the flyflair.com website. Flyflair.com belongs to the Canadian ultra-low-cost carrier Flair Airlines, founded in 2005. According to SimilarWeb, the website attracts 3.2 million monthly visitors.

Environment files are commonly used in software development to manage environment-specific settings or sensitive information such as API keys and database credentials. Web development 101, or an essential requirement, is to keep crucial .env files secure, as they often contain sensitive information that could be used to compromise services or applications.

In this case, the public .env files revealed:

  • MySQL database credentials and location for the local database
  • MySQL database credentials and location for the remote, internet-connected database
  • SMTP configuration, including credentials and secret tokens, for the noreply@data.flyflair.com and groups@jet.flyflair.com emails.
  • Laravel App key (popular open-source PHP web framework)

“The publicly hosted .env files contained database and email configuration details. Database configurations revealed that one of the databases was exposed to the internet, meaning anyone could potentially use these credentials to access sensitive information stored in this database,” Cybernews researchers claim.

While the exact amount of data or the full contents of the exposed databases are unknown, at least one subdomain for booking group travel at a time was collecting private user information, which included:

  • First and last name
  • Email
  • Phone number
  • Flight details (destinations, dates, flight numbers, etc.)
  • Other information (in its privacy policy, the company states that it collects gender, address, and date of birth information)

From the outside, it’s impossible to determine if any malicious actors took advantage of the leak. However, public .env files were first observed and indexed in August 2022, meaning that they were accessible for nearly seven months.

The Cybernews research team discovered the leak on February 27th, 2023. Security disclosure was first reported in March. It took a few months of follow-up notifications, including to the Canadian Computer Emergency Response Team (CERT), until the vulnerability was resolved.

Cybernews contacted Flair for a comment, but the company has yet to respond to the inquiry.

Flair Airlines

Leak provides several attack vectors and can be dangerous

Criminals usually exploit leaked data in bulk, sometimes combined with other leaks, due to specialization in different criminal endeavors. The compromised Flair data could provide at least a few possible attack vectors.

“Leaks like this can often be a starting point for cybercriminals. Firstly, to research what information their target could store, what technologies and security measures they are using. Second, personal information could be used for phishing, identity thefts and other attacks, targeting individuals,” our researchers said.

In this case, the publicly hosted database means that malicious actors could have accessed user information without the need to exploit any vulnerabilities. Attackers could log in, read, and copy the contents or, if user privileges allow, modify or delete the data.

“Leaked email credentials would allow an attacker to log in and send emails from compromised addresses. This is dangerous as it could be used to launch phishing attacks from official Flair Airlines email addresses and trick receivers into clicking malicious links or following other instructions.”

Aviation companies possess a treasure trove of information for black hats, as criminals often seek ways to exploit sensitive personal information, especially passports, for financial gain.

Access to information could also serve as a foothold for criminals to plan more sophisticated attacks.

The Cybernews Research team recommends that Flair or any company immediately reset leaked keys and credentials once the vulnerabilities are exposed, protect customer information, and consider moving exposed infrastructure to new hosts.

Caution advised for users are available at

https://cybernews.com/security/canadian-flair-airlines-user-data-leak/

About the author: Ernestas Naprys, Senior Journalist

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Flair Airlines)


facebook linkedin twitter

data breach data leak Flair Airlines hacking news information security news IT Information Security Pierluigi Paganini Security Affairs

you might also like

Pierluigi Paganini July 17, 2025
United Natural Foods Expects $400M revenue impact from June cyber attack
Read more
Pierluigi Paganini July 17, 2025
Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    United Natural Foods Expects $400M revenue impact from June cyber attack

    Security / July 17, 2025

    Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity

    Security / July 17, 2025

    UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations

    Hacking / July 17, 2025

    Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)

    Cyber Crime / July 16, 2025

    Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

    Intelligence / July 16, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT