Onefly A.I CyberSecurity Scoring
Onefly
Company Information
Website:https://www.onefly.com/
Employees number:17
Number of followers:1,107
NAICS:513
Industry Type:Technology, Information and Internet
Homepage:onefly.com
Onefly Risk Score (AI oriented)
Between 650 and 699
OneflyTechnology, Information and Internet
Updated:
09/03/2026
09/03/2026
683/1000
Weak
B
Onefly Global Score (TPRM)
xxxx
OneflyTechnology, Information and Internet
Score locked

OneflyWeak
Current Score
683B (WEAK)
01000
1 incidents
-90 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
688
JUNE 2026
687
MAY 2026
685
APRIL 2026
685
MARCH 2026
684
FEBRUARY 2026
681
JANUARY 2026
681
DECEMBER 2025
679
NOVEMBER 2025
678
OCTOBER 2025
765
Breach
01 Oct 2025 • Onefly
OneFly, Airlines served by OneFly and Online Travel Agencies: Huge OneFly data breach sees traveler IDs and payment details leaked
OneFly Exposes Thousands of Sensitive Customer Records via Unsecured Elasticsearch Instance
675
CRITICAL-90
YATONE1770913859
OneFly Exposes Thousands of Sensitive Customer Records via Unsecured Elasticsearch Instance
Security researchers at Cybernews uncovered a significant data leak at OneFly, a global travel technology and flight content aggregator, exposing thousands of sensitive customer records through an unsecured Elasticsearch instance. The breach, detected in early October 2025, involved real-time exposure of data from nine internal Java Spring Applications, though the exact duration and total number of affected individuals remain unclear.
The leaked records included names, dates of birth, ID document details, flight information (numbers, prices, dates, destinations), full credit card details, and JWT tokens. Researchers identified approximately 10,000 ID records and 6,000 payment cards, describing the figure as a "rather minimal" estimate.
OneFly, which employs between 50 and 200 people, serves over 100 airlines and major online travel agencies (OTAs) worldwide, providing unified APIs for ticket inventories and pricing. The exposed data poses severe risks, including fraudulent transactions, identity theft, and phishing attacks targeting customers under the guise of airlines or travel agencies. Additionally, compromised JWT tokens could enable attackers to impersonate users and access internal systems.
Cybernews noted that the breach highlights the need for access control rules, refined logging processes, and IP whitelisting to prevent similar incidents. The company has not disclosed whether affected customers were notified.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
SEPTEMBER 2025
765
AUGUST 2025
765
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Onefly ??
What was Onefly's A.I Rankiteo Cyber Score in June 2026 ??
What was Onefly's A.I Rankiteo Cyber Score in May 2026 ??
What was Onefly's A.I Rankiteo Cyber Score in April 2026 ??
What was Onefly's A.I Rankiteo Cyber Score in March 2026 ??
What was Onefly's A.I Rankiteo Cyber Score in February 2026 ??
What was Onefly's A.I Rankiteo Cyber Score in January 2026 ??
What was Onefly's A.I Rankiteo Cyber Score in December 2025 ??
What was Onefly's A.I Rankiteo Cyber Score in November 2025 ??
What was Onefly's A.I Rankiteo Cyber Score in October 2025 ??
What was Onefly's A.I Rankiteo Cyber Score in September 2025 ??
What was Onefly's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Onefly's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Onefly ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Onefly's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?