Sprigatito, a new Pokemon, appears to have unwittingly become the mascot of “anarchist kitten’s” massive No-Fly List leak.
Sprigatito unwittingly represents “anarchist kitten’s” massive No-Fly List leak
It has been reported that a Swiss hacktivist who calls themselves a “anarchist kitten” was able to obtain the America’ No Fly List, which contains the names of known or suspected terrorists, not by breaking through any impenetrable defense but rather because a regional airline left it kicking around an unprotected server. That’s the serious news, but everyone seems more interested in how anime the site hosting the leak is and how the newest Pokemon, Sprigatito, has become the unofficial mascot.
The TSA no fly list got leaked in the funniest possible way holy shit pic.twitter.com/ftCBrtIW4X
— dandy (@daxdives) January 22, 2023
It was boredom, as Maia Arson Crimew explains on a fabulously pink blog complete with a meowing sound pack. Not expecting to find much, she searched through exposed servers and came across one belonging to CommuteAir that held an old No-Fly List with over 1.5 million entries (though this number includes multiple aliases, so the actual number of unique individuals is much lower).
As part of her blog, Maia Arson Crimew snapped a picture of the sensitive information displayed on her computer screen. The screen is slightly obscured by a Sprigatito plush, however. Crimew explains that Bingle was a thank-you gift for discovering a “massive vulnerability” in the website of a Japanese merchandise reseller.
CommuteAir has confirmed the authenticity of the data to The Daily Dot, explaining that the exposed infrastructure was used for testing purposes and that the list is four years old. Although the exposed server contained information on nearly 1,000 CommuteAir employees, the airline maintains that no customer data was compromised.
Moreover, the Transportation Security Administration has confirmed it is aware of the cyber incident and is conducting an investigation.