Data from over 130,000 customers of a car rental company in Gran Canaria are offered in a forum. Thousands of people from Germany are also affected.
Anyone who has rented a car from Plus Car on holiday in Gran Canaria or on a business trip in the past few years could be affected by a data leak. The security researchers Moritz Gruber and Matteo Große-Kampmann from Aware7 discovered a corresponding database in a publicly accessible forum. The file is available for download there.
The database contains a total of 130,518 data sets, most of which came from European citizens, explained Gruber Golem.de. According to an initial count, 16,319 of these are German data records. It includes the first and last name, address, email address, telephone number, and flight number of the person concerned.
"The leaked data starts on October 24th, 2016, and continues into the current month," explained Gruber. The record was posted on September 12th in the public forum. The CSV file can be downloaded there against payment of a few euros.
How the forum users were able to get to the data is not known. Aware7 has informed the Cert-Bund about the leaked data. In addition to private email addresses, also business addresses in the data leak.
Based on the stored email addresses, Gruber suspects that most of the data is private. For example, 2,121 email addresses in the German data set would end up on T-online.de, 2,582 on Gmx.de, and 2,798 on Web.de.
However, there were also some company data in the leak. For example, domains from several cities, including Berlin and Hamburg, an insurance company, a metalworker, and a linen manufacturer.
Most recently, the two security researchers analyzed a data leak on Facebook and discovered the information from several members of the Bundestag.
All parliamentary groups represented in the Bundestag were affected. The affected politicians could see the telephone number, sometimes also the email address and other information such as place of residence or gender.