Jump to content
Sign in to follow this  
Sethos

Potential Flight1 data breach, consider changing your passwords

Recommended Posts

2 minutes ago, Sethos said:

I hate when this sort of thing happens. If true, the first people we should have heard from should have been flight1.

Of course, it seems that's never how it works.


We are all connected..... To each other, biologically...... To the Earth, chemically...... To the rest of the Universe atomically.
 
Devons rig
Intel Core i5 13600K @ 5.1GHz / G.SKILL Trident Z5 RGB Series Ram 32GB / GIGABYTE GeForce RTX 4070 Ti GAMING OC 12G Graphics Card / Sound Blaster Z / Meta Quest 2 VR Headset / Klipsch® Promedia 2.1 Computer Speakers / ASUS ROG SWIFT PG279Q ‑ 27" IPS LED Monitor ‑ QHD / 1x Samsung SSD 850 EVO 500GB / 2x Samsung SSD 860 EVO 1TB /  1x Samsung - 970 EVO Plus 2TB NVMe /  1x Samsung 980 NVMe 1TB / 2 other regular hd's with up to 10 terabyte capacity / Windows 11 Pro 64-bit / Gigabyte Z790 Aorus Elite AX Motherboard LGA 1700 DDR5

Share this post


Link to post

How in the world isn't Flight1 addressing this at least directly with us via email ?

Pretty bad netizenship on their part, whether this is true or not ... 

 


Enrique Vaamonde

Share this post


Link to post

Just changed my password at Flight1 and noticed my username had been changed as well.

Share this post


Link to post

Hi,

We got notice of this in our ticket system this morning and have been looking into it. Please note that plain passwords are not stored. Only 1-way advanced hashing of passwords are stored. We also do not save any useful card payment data (that is why you have to enter card data for each purchase). You likely do not need to change any passwords or other information (based on our preliminary examination today).

If you have any more information which could be of help post us a ticket at our site. Usernames are still the same... we auto generated usernames when doing system upgrades and they will be rather generic.

  • Like 1
  • Upvote 1

Thanks,

 

Steve Halpern

Flight One Software

Share this post


Link to post

Thank you for the update, Steve.

On another note, has anyone noticed the amount of views on this thread? 177.000+ at the time of writing. Seems a tad... excessive?


Asus TUF X670E-PLUS | 7800X3D | G.Skill 32GB DDR @ CL30 6000MHz | RTX 4090 Founders Edition (Undervolted) | WD SNX 850X 2TB + 4TB + 4TB

Share this post


Link to post
2 hours ago, Sethos said:

Thank you for the update, Steve.

On another note, has anyone noticed the amount of views on this thread? 177.000+ at the time of writing. Seems a tad... excessive?

Why wouldn't anyone who has purchased at Flight1 NOT look at this thread?

Share this post


Link to post
22 minutes ago, yurei said:

Why wouldn't anyone who has purchased at Flight1 NOT look at this thread?

Heh, I doubt almost a quarter of a million views in a few hours is just Flight1 customers popping by. Think that would qualify the thread as one of the highest view counts on Avsim. Just found it curious and I assume there's something wrong on Avsim's end, especially with all the errors and timeouts they've been having.

Edited by Sethos

Asus TUF X670E-PLUS | 7800X3D | G.Skill 32GB DDR @ CL30 6000MHz | RTX 4090 Founders Edition (Undervolted) | WD SNX 850X 2TB + 4TB + 4TB

Share this post


Link to post

There is something wrong. The only way I can get into the forum is to get in via my profile activity, ie click on my last post and then click on "Hangar Chat" at the top of the page.

Chris

Share this post


Link to post

I received this by email

Quote

(Please do not reply to this email as this mailbox is not monitored)

Important Information:

Yesterday, September 5, 2019, Flight1 was notified that some of our customer data was found on the internet. We are posting what we have discovered.

First, Flight1 is a data-minimum company. We do not store more data than what is required to provide our service and we do not use data for marketing purposes. We do not store credit card numbers with the exception of the last 4 digits so you can inquire about a sale. Credit card expiration dates and CCV verification numbers are NOT stored. Card processing data is passed directly to the processing gateway and is not retained in our database. All flight1.com account passwords are stored as secure 1-way hash codes using an advanced algorithm. Please see our terms of service page for more details on our data policies.

What was discovered:

An audit was completed and does not show any active exploit on our server or database. We have examined our server logs going back a full year. Discovered during the audit was a script (for viewing information on a product) where logs showed there were attempts to retrieve data using an automated bot. We believe this is where some data may have been leaked. Not all current accounts were affected and yours may not have been affected. That version of the script is no longer in use and has not been in use for months. In auditing the current version of the script no vulnerabilities were found (also verified in current logs).

What you should do:

Due to the strong 1-way hashing used we do not believe it is necessary for you to change your passwords, but you are welcome to do so. Flight1 recommends you always be vigilant on the Internet. Be aware of email phishing attempts. Flight1 NEVER sends unsolicited emails asking you to log in to our site, or ask for any payment information via email..

In Summary:

Whether you have been a customer of ours for 20+ years or are a new customer, know that security is always at the top of our list and will remain so. Thank you for your support and please feel free to contact us.

 

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
  • Tom Allensworth,
    Founder of AVSIM Online


  • Flight Simulation's Premier Resource!

    AVSIM is a free service to the flight simulation community. AVSIM is staffed completely by volunteers and all funds donated to AVSIM go directly back to supporting the community. Your donation here helps to pay our bandwidth costs, emergency funding, and other general costs that crop up from time to time. Thank you for your support!

    Click here for more information and to see all donations year to date.
×
×
  • Create New...