Arik Air has suffered a massive data leak compromising over 600,000 customers' details in an Amazon S3 leak.

The large file in CSV files was detected in a research conducted by Justin Paine, Head of Trust & Safety, Cloudflare, an internet security company based in U.S.

According to Justin, these sensitive files were owned by Arik Air, "West-Africa's leading airline" and the bucket contains 994 CSV files.

“Some of these CSV files contain in excess of 80,000+ rows of data while other files contain 46,000+ rows of data, and in some cases, files only contain 3 rows of data, ” Justin said in a report via the website - rainbowtabl.es.

“The lack of data protection law makes Nigerian vulnerable to issues like that and Paradigm Initiative has been talking about this for the last four year,” Sodiq Alabi, Communications Lead at Paradigm Initiative told Business Insider.

Alabi said companies, industries are collecting data without any law backing how they use it and it is virtually impossible for citizens to seek redress if abuse occur.

Why customer's information is in danger

According to Paine, a malicious person could potentially use this sensitive information to the target one of these customers of Arik Air for identity theft.

“With the information included in this leak a fraudster would have plenty of useful data points -- the person's name, email, first 6 and last 4 of the credit card, and a hint as to what the person's 2FA values might be so they could then focus on compromising that 2FA account (email or phone number) to take steal the users identify.”

Some of the customers' data are from Teflon Hub, PayportSA, Flutterwave, Ntel and some commercial banks in Nigeria and other African countries with passengers on Lagos to Port Harcourt flights as most affected.

Information such as “dates of sale, payment values, types of currency used, device fingerprints -- which may relate to the use of mobile devices or desktop systems -- and in some cases, the departing and arriving airports all appear to be in the data dump.”

Justin Paine reaches out to reach Arik Air

Justin Paine, the data researcher said he contacted Arik Air over a month ago to disclose the leak but unable to reach them after multiple attempts.

“... after multiple messages on their corporate Facebook page and Facebook messages I eventually received a reply and they provided me with the email address for a security point of contact. Several days later the security point of contact confirmed they would review my report, and that was the last I heard from Arik Air. In all -- roughly 1 month elapsed from the time I notified them to the time they took action to acknowledge my report and to secure their customer's data.”

It is not certain if any data have been affected by the leak but this could cause customers a whole lot of hard earned cash and could be among the biggest leak in Africa.

Nigerians react to report on data leak

Akin Oyebode in a twitter post described the inability of Arik Air to respond as a madness.

“A breach of individual and corporate information, and it takes a month for Arik to reply or take action. See the corporate details exposed, includes banks. Madness.”

Business Insider SSA contacts Arik Air communications team

Several calls from Business Insider SSA to Arik Air on Wednesday, October 31, 2018, were unanswered.

But Sources told BISSA that the organisation is currently working on the data leak report as some heads may roll in the coming days.