Unknown has
published on GitHub the source codes of Aeroflot web applications, including the code responsible for charging bonuses and creating gift certificates. The leak occurred due to negligence - the
server with the Docker container registry was accessible to everyone via HTTP without authorization and encryption.
(source of images - The Register )
')
Containers were used to deploy aeroflot.ru site services. User data, fortunately, was not affected.
The researcher who published the source code hopes that Aeroflot will start paying more attention to information security.
Update 1: The company
replied that these containers have not been used for several years and do not contain actual data. However, this
is doubtful , since some files were
changed in August of this year.