[BreachExchange] Malindo Air identifies employees of e-commerce contractor behind data breach

Destry Winant destry at riskbasedsecurity.com
Wed Sep 25 10:36:23 EDT 2019


Two rogue employees of Malaysian e-commerce services provider GoQuo
have been identified as the culprits behind a security breach that
compromised the personal data of Malindo Air and Thai Lion Air
passengers. The Malaysian and Thai airlines are subsidiaries under
Indonesia's low-cost carrier group, Lion Air.

The two former employees were based at GoQuo's development centre in
India and "improperly accessed and stole" personal data of the
airlines' customers, said Malindo Air in the latest of a series of
statements regarding the breach. The carrier said it had reported the
incident to the police in Malaysia as well as India.

Stressing that all its systems were "fully secured", it further noted
that the data leak had been "contained" and reiterated that no payment
details were compromised in the breach. It also initiated an auto-reset
of all its customers' passwords.

Personal data compromised in the breach included the passenger's date
of birth, passport number, and mobile number.

Malindo Air said the incident was "not related" to the security of its
data infrastructure or that of its cloud provider, Amazon Web Services.

The Malaysian airline said it was working with all relevant agencies
regarding the breach, including the Malaysian Personal Data Protection
Commissioners and National Cyber Security Agency.

Malindo Air said it had engaged data forensics and cybersecurity
specialists to review its existing data infrastructure and processes.

The carrier did not say how many customers were impacted by the
security breach, but various reports put the number between 21 million
and 30 million, including Thai Lion Air passengers.

In a previous statement to ZDNet, an AWS spokesperson said its
services and infrastructure "worked as designed and were not
compromised in any way".

"Neither the use of cloud services nor the geographic location of the
data had any bearing on the issue," it added, but declined to reveal
where the AWS servers containing Malindo Air's data resided or whether
the airline had given specific instructions on where its data should
be stored.

Commenting on the breach, HackerOne's IT head Aaron Zander said:
"Leaving a server exposed without any protection is one of the most
basic and embarrassing security failings, but these breaches still
continue to happen across the board. When it comes to securing the
data of ever more informed consumers, the basics of security need to
be covered at a minimum.

"When moving such data to a cloud environment, maintaining an
understanding of who is accessing what and when is key so the risk of
unauthorised access is minimised.

"Modern engineering teams have many people who can improve on your
infrastructure and security, but equally as many people can make a
mistake. Continued testing and checks help keep everyone's data safe,
especially your customers."
