Entire US "no fly list" leaked online after being left on an unsecured server

News
By published

1.5 million entries have been exposed on the US "No Fly" list

Airplane
(Image credit: Pixabay)

The entire of the US "No Fly List" has been exposed online by a Swiss hacker who reportedly found three sensitive files stored on an unsecure cloud storage server. 

One of the files contains the information of more than 1.5 million entries into the list, which covers individuals who have been barred from travelling to or from the US.

The data was found out of boredom, according to a blog post written by the hacker, known online as maia arson crimew, which saw her searching Shodan for exposed Jenkins servers.

TechRadar Pro needs you!
We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.

D. Athow, Managing Editor

No Fly List breach

Digging around the exposed CommuteAir server resulted in the discovery of three .csv files: employee_information.csv, nofly.csv, and selectee.csv. Arguably the most notable, and the one to have caused the biggest stir in recent days, has been the nofly.csv, reported to contain the information of flyers banned in the US.

The nofly.csv file was almost 80MB in size, containing more than 1.56 million rows of data related to individuals who must not fly within the US, though it has been reported that a large proportion of these entries include aliases.

Aliases are used in an effort to avoid detection by such lists, and can involve changes to the first name and surname, including common misspellings, and changes to birth dates. 

One such example, according to Daily Dot which first reported on the matter, includes the recently freed Russian arms dealer, Viktor Bout, with at least 16 related aliases.

Overall, it was estimated in 2016 that there were 81,000 individual people on the US No Fly List, taking into account multiple aliases per person. 

Read more

> These are the best endpoint protection solutions around

> Cloud-based cyberattacks have seen a huge rise

> War Thunder players have leaked restricted military documents... again

With regards to the data exposed in 2023, crimew said: “It’s just crazy to me how big that Terrorism Screening Database is and yet there is still very clear trends towards almost exclusively Arabic and Russian sounding names throughout the million entries”.

Besides this list, crimew also exposed a list containing personally identifiable information of CommuteAir’s crew members, including full names, addresses, phone numbers, passport numbers, pilot license numbers, and more.

Erik Kane, corporate communications manager for CommuteAir, confirmed that the data was legitimate and came from a 2019 version of the federal No Fly List, also recognizing the exposure of staff data. Kane said: “We have submitted notification to the Cybersecurity and Infrastructure Security Agency and we are continuing with a full investigation.”

TechRadar Pro has asked the company for further comment on the matter.

Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Read more
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
Representational image of data security
Travel data of almost 500,000 users exposed in Daytrip leak
The International Civil Aviation Organization in Montreal, Canada
International Civil Aviation Organization investigating possible records data breach
Suitcase next to a bed in a hotel
Millions of hotel users see personal info checked out in huge data leak
Password
Millions of airline customers possibly affected by OAuth security flaw
An American flag flying outside the US Capitol building against a blue sky
US military and defense contractors hit with Infostealer malware
Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Latest in News
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
More about security
Android Logo

Devious new Android malware uses a Microsoft tool to avoid being spotted
Google Chrome

Google Chrome security flaw could have let hackers spy on all your online habits
The cast of The Residence peek from a doorway

Netflix's #2 most-watched show is the new madcap whodunnit The Residence –here are 3 more mysteries to stream next
See more latest
Most Popular
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
Render of a new RTX 4000 Max-Q gaming laptop.
I can't say I'm surprised, but Nvidia's RTX 5090 laptop GPU has a big performance leap over its predecessor, according to early benchmarks
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Apple Music on a tablet, showing a new Listening Guide feature
Apple Music Classical just got 3 excellent perks in its biggest upgrade since launch
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound