Spirit Airlines' Abandoned Azure Booking APIs and Exposed Phishing Domains
7 hours ago
- #infrastructure
- #cybersecurity
- #phishing
- Spirit Airlines ceased operations on May 2, 2026, leaving active web infrastructure, including a booking flow that still processes transactions and a live Azure API issuing valid flight records.
- The airline's website had a root redirect to a bankruptcy info page, but internal links like 'BOOK' remained functional, exposing sensitive endpoints and allowing payment processing despite liquidation.
- Critical phishing domains (spiritrefunds.com, spiritliquidation.com, spiritrefund.com) were left unregistered and available for $11.48 each; the author defensively registered them to prevent scams and redirect traffic.
- The exposed Azure endpoint, previously handling millions in daily transactions, continues to operate without monitoring, risking data breaches and accumulating cloud costs.
- Analysis of traffic to one defensive domain showed 43 likely human visits in hours, indicating desperate customers searching for refund information, with no official communication from Spirit.