Asiana Airlines site has data leak

A lack of security on Asiana Airlines’ website exposed the sensitive information of 47,000 passengers, which included photocopies of passports that contained not only dates of birth but also residential addresses.

Asiana Airlines on Monday released a statement that some of the information saved on the frequently asked questions (FAQ) of its Internet bulletin board could be accessed through a simple system manipulation.

“The exposure is limited to those who attached files within contents they uploaded on the board,” an Asiana spokesman said. To explain how personal data was leaked through image files uploaded on the FAQ board, the spokesman said, “In special cases like changing names, air carrier members uploaded official documents like family relation certificates, which personal information is recorded.”

Attached image files also were susceptible to third-party access. “There was an exposure of the universal resource locator [URL] for those attached files by some error.”

The airliner confirmed in a telephone interview that the error wasn’t a result of hacking. “It seems there was a weak spot in our website and we are currently fixing it,” the company spokesman said.

A total of 47,023 contents listed on the FAQ board as of May 2015 might have been exposed through web manipulation, but only one case was seen to have been accessed and that file was accessed by the media to confirm the error, Asiana Airlines said.

The air carrier immediately shut down its FAQ server after it was notified of the error at 11 a.m. Monday. The company is currently verifying the number of customers who had their information exposed.

The airliner will report the error case to the Korea Internet & Security Agency to further strengthen the security of its Internet service.

“The FAQ server will be fixed and be back in service by today,” the airline said in a statement.

BY KIM JEE-HEE [kim.jeehee@joongang.co.kr]