Plane tracker app FlightAware admits user data exposed for years42 comment bubble on whitePrivacy blunder alert omits number of key detailsiconConnor JonesTue 20 Aug 2024 // 14:30 UTCUpdated Popular flight-tracking app FlightAware has admitted that it was exposing a bunch of users' data for more than three years.It made the admission via a notification filed last week with Rob Bonta, California's attorney general, saying the leak began on January 1, 2021, but was only detected on July 25 of this year.The incident was blamed on an unspecified configuration error. It led to the exposure of personal information, passwords, and various other personal data points you'd expect to see in a breach, depending on what information the user provided in their account.The full list of potentially impacted data points is below:User IDPasswordEmail addressFull nameBilling addressShipping addressIP addressSocial media accountsTelephone numbersYear of birthLast four digits of your credit card numberInformation about aircraft ownedIndustryTitlePilot status (yes/no)Account activity (such as flights viewed and comments posted)Social Security NumberHow was this data exposed? Why were SSNs in there? We asked FlightAware and will update the story if it responds.The downside of filing data leak notifications in California is that the state doesn't require companies to publicly disclose how many people were affected, unlike Maine, for example, which does.