AirAsia Hacked – 5 Million Passengers’ and Employees’ Data Stolen

Daixin Team launched a ransomware attack against AirAsia Group. The incident happened earlier this month over the course of two days, resulting in the leak of personal information pertaining to 5 million unique passengers as well as employees.

AirAsia is a Malaysian multinational low-cost airline headquartered near Kuala Lumpur, Malaysia. They operate scheduled domestic and international flights to more than 165 destinations spanning 25 countries.

A recent report from the American cybersecurity and intelligence agencies mentioned Daixin Team and warned of attacks primarily targeted at the healthcare industry.

Details of the Data Breach

DataBreaches.net reports that it was provided with two .csv files that Daixin Team also provided to AirAsia Group.

The first file holds the information on named passengers and the second file has employee information with numerous fields that included name, date of birth, country of birth, location, date employment started, their “secret question,” “answer,” and salt.

.csv File with Personal and Work-related Data

Daixin actually received a response from AirAsia when the group contacted the airline. The ransomware gang withheld information on the amount it demanded from AirAsia and whether the international airline had paid any of the ransom. 

It is believed that no money has been paid, given that Daixin has told DataBreaches that it will make AirAsia’s data, including backdoor information, public.

“We do not know how much Daixin Team demanded to provide a decryption key, delete all data they had exfiltrated, and inform AirAsia Group of the vulnerabilities that had been found and exploited,” DataBreaches.net stated.

According to Daixin’s representative, the network is rather chaotic and doesn’t seem to follow any established standards, which irritated the attackers, who subsequently decided not to proceed.

“The poor organization on AirAsia Group’s network spared the company further attacks,” Daixin’s spokesperson stated.

“The chaotic organization of the network, the absence of any standards, caused the irritation of the group and a complete unwillingness to repeat the attack”.

Daixin told DataBreaches that in addition to leaking the passenger and employee data on their dedicated leak site, the group plans to make information about the network, “including backdoors,” available privately and freely on hacker forums. The DAIXIN Team disclaims responsibility for future negative consequences.

AirAsia Group is not the only Malaysian airline to have been breached. Reports stated that Malaysia Airlines reported data security incidents in both 2020 and 2021.

Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.