Welp - TSA's no-fly list found on unsecured server, 1.5MM entries exposed

Discussion in 'Hangar Talk' started by ElPaso Pilot, Jan 24, 2023 at 6:44 PM.

  1. ElPaso Pilot

    From the gang that can't hit straight, nor audit their partners' data security -- a text file named NoFly.csv was found on an unsecured CommuteAir server.


    EXCLUSIVE: U.S. airline accidentally exposes ‘No Fly List’ on unsecured server

    One of the most sensitive U.S. government documents was left online.

    "The server also held the passport numbers, addresses, and phone numbers of roughly 900 company employees. User credentials to more than 40 Amazon S3 buckets and servers run by CommuteAir were also exposed...

    ...an expert familiar with the contours of the No Fly List cautioned that a list that size may be the larger Terrorism Screening Database and not the smaller No Fly List."

    https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/
     
  2. Zeldman

    Was my name on it??
     
  3. Half Fast


    Yep. Looks like what they actually got was just the POA subscriber list.
     
    skier, Zeldman, Lawson_Stone and 4 others like this.
  4. Bob Noel

    "one of the most sensitive US govt documents"

    good grief.
     
  5. Half Fast


    Yep. That’s how I knew it was the POA subscriber list.
     
  6. texasclouds

    I deleted it for you. You’re good to fly again.
     
  7. MauleSkinner

    Talk nicely to it…we don’t want to make it cry.
     
    Morgan3820 and DaleB like this.
  8. Getonit

    I remember flying 135 about 2005 and we had to check passengers against an Excel spreadsheet someone downloaded from somewhere. We could check anybody we wanted I guess. My recollection and understanding might be off though, it was not a sophisticated solution.
     
  9. Clip4

    Pretty sure Abdallah, Abdellah, Abdollah, Abdullah, Abdulla or Abdalla already know they are on the list.
     
  10. Albany Tom

    The way to make sure a federal agency doesn't lose sensitive data is to not let the federal agency have sensitive data. This would be more hilarious if the same contractor worked on this as did the last support of the NOTAM system.
     
  11. GaryM

    While reading it was no doubt interesting, being able to add or delete names from it was probably even more fun!
     
    SkyChaser likes this.
  12. Pinecone

    Hmm, agreed. The people on it know they are on it.

    But not TSA letting it out.
     
  13. Doug Reid

    Probably found in a box next to someone's old Corvette...
     
    Half Fast and MauleSkinner like this.
  14. midwestpa24

    Only if they ever have tried to fly. TSA does not tell you if you are on it, and it is quite the legal process to even try to find out. The documents are SSI, but apparently someone at the airline must have saved a copy to their server, which is a no-no as well.

    The list has existed since 2001, and as far as I know this is the first time it was ever publicly leaked. Even then it was a 3-year-old copy of it.
     
  15. MauleSkinner

    IIRC, there was a politician who didn’t know he was on it.