Another day, another breach. This time the victim is Malindo Air, a subsidiary of Indonesia's Lion Group. According to various news reports, the airline was investigating a data breach involving the personal details of its passengers. The airline also released a statement confirming the breach.
“Malindo Airways Sdn Bhd has come to be aware that some personal data concerning our passengers hosted on a cloud-based environment may have been compromised. Our in house teams, along with external data service providers, Amazon Web Services (AWS) and GoQuo, our e-commerce partner are currently investigating into this breach.”
What came to mind following this statement was how cybercriminals were able to breach data stored on AWS, a renowned cloud service provider. CyberSecurity Asean has reached out to AWS for comment and is still waiting for a reply.
It also made us ponder the cybersecurity measures taken by the airlines. Airlines are common targets for cybercriminals, with Cathay Pacific and British Airways facing similar breaches of passenger information quite some time ago.
The statement also mentioned that Malindo Air has adequate measures in place to ensure that the data of its passengers is not compromised, in line with the Malaysian Personal Data Protection Act 2010. The airline stated that it does not store any customer payment details on its servers and is compliant with the Payment Card Industry (PCI) Data Security Standard (DSS).
Apart from engaging with the authorities regarding the breach, Malindo Air is also enlisting independent cybercrime consultants to investigate and report on this incident. The airline also advised passengers with Malindo Miles accounts to change their passwords if identical passwords have been used on their other online services.
According to a report in the South China Morning Post, the files of passengers who flew with Thai Lion Air and Malindo Air, subsidiaries of Lion Air, were uploaded and stored in an open Amazon Web Services bucket, a public cloud storage resource.
The news report stated that the files, titled “Passenger Details” or “Passengers”, contain full names, home addresses, email addresses, dates of birth, phone numbers, passport numbers and expiration dates. Four files, two belonging to Malindo Airlines and two belonging to Thai Lion Air, were dumped online by a figure known as Spectre, who operates a dark web site that publishes download links for leaked data and hacked databases.
The report also stated that the data was dumped in groups on instant messaging service Telegram, as well as on cloud storage and file-hosting services such as mega.nz and openload.cc, which still present an active link to these databases.
Cybersecurity provider Kaspersky released a statement saying they never produced any report or any other specific intelligence on the Lion Group airlines data leak.
“On September 13, two days after information about the Malindo Air and Thai Lion Air data breach went public, we sent an alert to our Kaspersky Security Cloud users in Thailand and Malaysia. The alert notified them of the breach and asked them to treat incoming emails, text messages, and calls with additional caution. This was done via Security News - the in-product component used to rapidly inform our users about important cybersecurity-related news emerging in the public domain. Kaspersky has never produced a report or any other specific intelligence on the Lion Group airlines data leak. The information was earlier reported by Under the Breach twitter channel.”
Meanwhile, CSA reached out to Michael Petit, Head of Cloud Security, Asia Pacific & Japan, Check Point Software Technologies to get his comments and views on the issue.
“Data stored in cloud services like Amazon Web Services (AWS) S3 buckets are only as secure as their security configuration settings. Cloud services are convenient but require proper configuration for the best security possible within the confines of such technologies. Companies may have hundreds, thousands or even millions of S3 buckets or similar cloud data storage on other competing platforms.”
He explained that, with such complexity of data storage in the cloud, it is imperative for companies to persistently audit and correct misconfigurations, as cloud services may also change their settings occasionally. This is a necessarily laborious and time-consuming process for companies. Companies can also tap into more automated cybersecurity solutions that may help to reduce human errors in configuration, actively enforce cybersecurity best practices, and reduce identity theft and data loss in the cloud.
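As an added illustration of the kind of recurring audit described above (this code is not from the article, the airline or any vendor quoted), the following Python sketch checks one bucket's configuration for public exposure. It assumes the three inputs have the shapes returned by the S3 GetPublicAccessBlock, GetBucketAcl and GetBucketPolicy calls; the function names, bucket name and sample configurations are constructed for the example.

```python
import json

# Group URIs that S3 ACLs use for "everyone" and "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def is_wildcard(principal):
    """True when a policy Principal matches anyone: "*" or {"AWS": "*"}."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    values = [principal] if isinstance(principal, str) else list(principal or [])
    return "*" in values

def audit_bucket(name, pab, acl, policy_json):
    """Return findings for one bucket; an empty list means nothing public was found."""
    pab = pab or {}  # no Public Access Block configured: treat every setting as off
    findings = []
    for grant in acl.get("Grants", []):
        public = grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS
        if public and not pab.get("IgnorePublicAcls"):  # setting neutralises public ACLs
            findings.append(f"{name}: ACL grants {grant['Permission']} to a public group")
    statements = json.loads(policy_json).get("Statement", []) if policy_json else []
    if isinstance(statements, dict):
        statements = [statements]
    for st in statements:
        if st.get("Effect") != "Allow" or not is_wildcard(st.get("Principal")):
            continue
        if pab.get("RestrictPublicBuckets"):  # setting cuts off anonymous use of the policy
            continue
        # Simplification (assumption): any Condition is sent to a human for review.
        kind = "needs review (conditional)" if st.get("Condition") else "is public"
        findings.append(f"{name}: policy statement {st.get('Sid', '?')} {kind}")
    return findings

# Constructed sample configurations, not data from the incident.
OPEN_ACL = {"Grants": [{"Grantee": {"Type": "Group",
            "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-backups/*"}]})
LOCKED = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
          "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    for line in audit_bucket("example-backups", None, OPEN_ACL, OPEN_POLICY):
        print(line)
    print(audit_bucket("example-backups", LOCKED, OPEN_ACL, OPEN_POLICY))  # []
```

Run on a schedule across every bucket in an account, a check like this surfaces settings that have drifted since the last review.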
CSA also reached out to Michael Sentonas, Vice President, Technology Strategy, CrowdStrike. He pointed out that Malindo, or any company that has been a victim of a breach, would now have to rebuild its security network. The response called for would be to identify what they’ve lost and build a better security ecosystem.