The leak of the source code of web services "Aeroflot"
Unknown published on GitHub the source codes of Aeroflot web applications, including the code responsible for charging bonuses and creating gift certificates. The leak occurred due to negligence - the server with the Docker container registry was accessible to everyone via HTTP without authorization and encryption.
(source of images - The Register )
Containers were used to deploy services of the site aeroflot.ru. User data, fortunately, was not affected.
The researcher who published the source code hopes that Aeroflot will start paying more attention to information security.
Update 1: The company replied that these containers have not been used for several years and do not contain actual data. However, this is doubtful , since some files were changed in August of this year.
(source of images - The Register )
Containers were used to deploy services of the site aeroflot.ru. User data, fortunately, was not affected.
The researcher who published the source code hopes that Aeroflot will start paying more attention to information security.
Update 1: The company replied that these containers have not been used for several years and do not contain actual data. However, this is doubtful , since some files were changed in August of this year.