Pokemon’s Sprigatito becomes the unwitting mascot of “anarchist kitten’s” colossal No-Fly List leak
Bingle, I choose you!
A Swiss hacktivist and self-described "anarchist kitten" has managed to obtain America's No Fly List – which contains the identities of known or suspected terrorists – not through breaching any impenetrable defence, but reportedly because a regional airline left it kicking about an unprotected server. That's the serious part of the news, but what people are talking about is how anime the website that hosts the leak is, and that new Pokemon on the block Sprigatito has seemingly become the mascot of all of this.
Maia Arson Crimew explains on a fabulously pink blog featuring a meowing sound pack that the hack began out of relative boredom. She was scouring exposed servers not expecting to find much before stumbling upon an exposed server belonging to CommuteAir, containing an old No-Fly List containing over 1.5 million entries (that does, however, involve multiple aliases, so the number of unique individuals is far below that.
As part of the blog, Maia Arson Crimew took a photo of her screen containing the sensitive information. What's slightly obscuring the screen, though, is a plush of a Sprigatito. That would be Bingle, who Crimew explains came into her possession as a thank-you gift for finding a "massive vulnerability" in a Japanese merch reseller's website.
Naturally, the internet has had its say, which you can see the highlights of down below.
an uwu trans polyam anarchist hacking their way into the united state’s no fly list and blogging it on their super cute website at (name) dot crime dot gay is the most biblically accurate depiction of hacking that i’ve seen in the 21st centuryJanuary 23, 2023
Trans-fems rule the world and the no fly list hack is just another example 🏳️⚧️🖤 pic.twitter.com/CaA2Hz8NJUJanuary 22, 2023
The no fly list being leaked with :3 being in the same page is INSANE LMAOOOOOO pic.twitter.com/baNf0TsSENJanuary 22, 2023
Since the blog’s publication, Commute Air has confirmed the legitimacy of the data to The Daily Dot, explaining that the exposed infrastructure was used for testing purposes and that the list is four years old. While the exposed sever also included information on almost 1,000 CommuteAir employees, the airline maintains no customer information was breached.
Additionally, the Transportation Security Administration has confirmed that its aware of the cybersecurity incident and is investigating.
Elsewhere in the Pokemon fandom, the owner of that valuable Pokemon Yellow copy destroyed by US customs says they were shocked by "senseless damage".
Sign up to the 12DOVE Newsletter
Weekly digests, tales from the communities you love, and more
Iain joins the GamesRadar team as Deputy News Editor following stints at PCGamesN and PocketGamer.Biz, with some freelance for Kotaku UK, RockPaperShotgun, and VG24/7 thrown in for good measure. When not helping Ali run the news team, he can be found digging into communities for stories – the sillier the better. When he isn’t pillaging the depths of Final Fantasy 14 for a swanky new hat, you’ll find him amassing an army of Pokemon plushies.