In-Flight Wi-Fi at 11 km Altitude Leaked Passengers' Personal Data and Passwords Directly into Hackers' Hands
From Paris to New York—the Anuvu leak has affected travelers from all continents.
From Paris to New York—the Anuvu leak has affected travelers from all continents.
Anuvu, a provider of services for the aviation and maritime industries specializing in in-flight entertainment and connectivity (IFEC), has fallen victim to a hacker attack. The incident has drawn attention to the fact that the leaked data reveals the use of Starlink services by the company's clients.
The attack became known after a post on a popular forum where malicious actors exchange stolen information. The message claimed that the hackers managed to gain access to administrative accounts allowing them to work with Anuvu's infrastructure on AWS and Postgres databases. To confirm their words, the author attached a sample of confidential data.
Among the stolen data is a trove of credentials containing full names, email addresses, password hashes, and physical addresses. According to researchers' estimates, a significant portion of the records date back to 2024. The compromised data also includes the names of Anuvu's top managers, and many addresses are linked to the offices of client companies.
One of the screenshots demonstrates a list of Anuvu's maritime partners, indicating company names, Salesforce IDs, and types of markets served. Another part of the leak contains contract lines with Starlink, including customer details, order IDs, and service lines. This data indicates that Anuvu purchased services from Starlink, and the leak has revealed which clients used Starlink's services through Anuvu's infrastructure.
According to researchers, the compromised credentials pose the greatest danger. Although many passwords are from 2024, some users may not have changed them since then or made only minimal alterations. Such a dataset can be used for targeted phishing attacks against Anuvu itself and its clients. The credential stuffing scenario is also a significant threat: attackers can use login-password combinations from old leaks to attempt logins on other platforms, knowing that many users tend to reuse passwords across different services.
The logins include both customer and employee accounts, which may indicate their use in client panel interfaces. Some of the listed physical addresses match real offices, and the usernames appear genuine.
Anuvu, previously known as Global Eagle, works with over 150 airlines and 30 cruise operators. Its partners include Air France, Delta, Southwest, and British Airways. The company's annual revenue is estimated at approximately $370 million, with a global workforce of about a thousand people. Anuvu has not yet commented on the incident.
