‘Airlink International UAE’ Data Leak Is Now Freely Shared on the Dark Web

Last updated September 17, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

A data leak that actually occurred a while back but was not covered by the media is now freely shared on at least two dark web forums. The compromised entity is ‘Airlink International U.A.E.,’ which is a travel and logistics firm that employs over two hundred people and has yearly revenues in the range of $250 million. The security incident happened due to a server misconfiguration that leaked the data, so there were no hacker breaches.

Unfortunately for both the company and the exposed individuals, the data that is being now shared for free with multiple actors concern highly sensitive details in 14 folders containing 53,555 files. It includes passport scans, flight bookings, hotel bookings, email communications of the firm and its customers, and insurance policy PDFs for international travel.

Obviously, clients' personally identifiable information is available in these files, including names, email addresses, phone numbers, and various travel details like expenses and duration of stays.

Source: Cyble
Source: Cyble

The passport scans alone are enough to cause a big headache to their holders, as someone could now forge fake ones, impersonate the owners online or on the physical world, phish them, scam them, and more. One way to deal with this would be to get a new passport, which of course, costs time and money to do. If you have done business with Airlink International U.A.E., we suggest that you get a new passport with a new number on it and declare the old one stolen.

Related: Almost All Airlines Are Vulnerable to Email Fraud Attacks

Moreover, you should remain vigilant with incoming communications and keep in mind that crooks now have both your phone number and your email address. Phishing attempts are the most likely, and since many actors have this data on their hands, you may see these attempts coming from multiple places. The original leak occurred back on May 30, 2020, so the period of potential scamming starts from then and will go on indefinitely.

As for Airlink International UAE, it remains unclear if the company sent notifications to the affected individuals, but considering the absence of laws that would force them to report data leaks to the relevant authorities in the United Arab Emirates, they almost definitely haven’t informed anyone.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: