A hacker known as maia arson crimew claims that he was able to get a hold of the FBI’s no-fly list database. The zesty cyber researcher located in Switzerland stumbled upon the list while browsing through an unsecured server used by a commercial airline called CommuteAir. The list reportedly has the details of more than 1 million people who are part of the FBI’s no-fly list. The database consists of the names and birthdates of people barred from flying. This includes terrorism suspects, fraudsters, and unruly passengers such as those who openly refused to follow the mask mandate during the covid-19 pandemic.
While exploring the loosely secured server, the hacker also came across private information of approximately 1,000 airline employees and other sensitive company information. Data points include full names, addresses, passport numbers, and phone numbers of CommuteAir crew members such as stewardesses, pilots, etc. Fortunately, the Ohio-based airline has taken the server down to prevent further leaks and has reported the incident to the authorities, who are now investigating the intrusion.
The list mainly consists of Arabic and Middle Eastern names of children as young as eight and adults. Even though the index has approximately 1.5 million entries, the number of people included in it is much less as there are many entries of common name misspellings or altered names of single individuals. For example, variations of the name of Viktor Bout, also known as the Merchant of Death, are mentioned in the list at least sixteen times.
The story has been covered by major media outlets such as Gizmodo, The Daily Dot, and VICE. The leaked information is generally secretive, but it is neither classified nor top secret, as many government agencies, entities, and individuals already have access. CommuteAir stated that the incident occurred because of a misconfigured development server, and its IT team is working on securing its systems to avoid such incidents in the future.
The hacker has decided not to publish the leaked list online for everyone to see. Still, his official blog statement says he is happy to share his findings with journalists and human rights organizations. The cyber researcher believes it is in the public interest to share this information with entities and people who would do the “right thing” with the list. The hacker does not clarify how the list could be helpful and what would be the “right thing” to do with the leaked info.