Nearly a quarter of a million users of Swedish flight tracking service Flightradar24 may have had their emails and passwords compromised by a recent data breach.
Flightradar24, one of the leading providers of real-time aircraft flight information, initially advised its customers to change their passwords, without making any public announcement of a breach. This over-subtle approach caused many recipients to suspect that the alert was itself a phishing attack. Finally, the company had to use social media to verify the incursion and confirm the authenticity of its password reset link.
Fortunately, the original passwords were hashed for extra protection and only users registered before March 20126 were affected. Flightradar24 has now closed down the affected server and automatically retired all old passwords.