Security News > 2023 > January > U.S. No Fly list shared on a hacking forum, government investigating
A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 'selectees' has been shared publicly on a hacking forum.
BleepingComputer has confirmed the list is the same TSA No Fly list that was discovered recently on an unsecured CommuteAir server.
We verified with Thalen and another source that the lists posted on the forum are the same no-fly and selectee lists that were recently discovered on the CommuteAir server.
BleepingComputer reviewed a portion of these lists-provided as two CSV files named, 'NOFLY' and 'SELECTEE.' The latter list likely names some of the passengers who undergo a Secondary Security Screening Selection at airports when flying into the U.S. The no-fly spreadsheet posted on the forum contains 1,566,062 records, and includes duplicates/spelling variations of some names.
The No Fly list is generally withheld from the public eye.
Although the security breach originated at an exposed AWS server belonging to an airline, it has sent chills down the U.S. government machinery, with government officials and lawmakers probing into the matter.