TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
Lion Air leak puts data protection in spotlight
The data breach laid bare at least 35 million customers’ passport details, home addresses and phone numbers in the digital wilderness, effectively rendering them vulnerable to various kinds of cybercrime, including identity theft. Malindo Air confirmed the data breach in a statement on Wednesday.
Change text size
Gift Premium Articles
to Anyone
Share the best of The Jakarta Post with friends, family, or colleagues. As a subscriber, you can gift 3 to 5 articles each month that anyone can read—no subscription needed!
Lion Air aircraft at Soekarno-Hatta International Airport in Tangerang, Banten. (JP/Ricky Yudhistira)
W
ith all due respect to the affected passengers, the data leak affecting tens of millions of Lion Air Group customers could not have occurred at a better time: right when the government is planning to relax rules on data centers in a move that has sparked a fair amount of debate on data protection.
Passengers of the group’s subsidiaries Batik Air, Malaysia-based Malindo Air and Thailand-based Thai Lion Air had their personal details stolen and posted online last month, according to a cybersecurity research collective.
The data breach laid bare at least 35 million customers’ passport details, home addresses and phone numbers in the digital wilderness, effectively rendering them vulnerable to various kinds of cybercrime, including identity theft. Malindo Air confirmed the data breach in a statement on Wednesday.
The breach was discovered earlier this month by online cybersecurity intelligence collective Under the Breach, which goes by the Twitter handle @underthebreach. The collective posted censored screenshots of Thai Lion Air’s internal data in a brief Twitter thread, showing the sheer scale of the data theft.
“Hacker dumps @lionairthai’s customer and flight database. First database has 21 million records, which include passenger ID, reservation ID, customer address, phone number and email,” @underthebreach tweeted on Sept. 12. “Second database has 14 million records, which include the name, date of birth, phone number, passport number and passport expiration date.”
In an email interview with The Jakarta Post, the collective said a member of online database leak forum raidforums.com posted on Aug. 12 a host of private information, including those associated with Batik Air, Malindo Air and Thai Lion Air in a thread titled “Bangkok airline”.
They said that, although the link to the files had been removed from the forum, backups of the airlines’ internal files were still available for download on file-sharing website pastebin.com. The files contained multiple references to Batik Air, Malindo Air and Thai Lion Air dating back to 2015. Several files were named “PaymentGateway”, in reference to airline customers’ payment information.
