Pokemon’s Sprigatito becomes the unwitting mascot of “anarchist kitten’s” colossal No-Fly List leak

Pokemon's Sprigatito looks on in shock
(Image credit: Pokemon Company)

A Swiss hacktivist and self-described "anarchist kitten" has managed to obtain America's No Fly List – which contains the identities of known or suspected terrorists – not through breaching any impenetrable defence, but reportedly because a regional airline left it kicking about an unprotected server. That's the serious part of the news, but what people are talking about is how anime the website that hosts the leak is, and that new Pokemon on the block Sprigatito has seemingly become the mascot of all of this.

Maia Arson Crimew explains on a fabulously pink blog (opens in new tab) featuring a meowing sound pack that the hack began out of relative boredom. She was scouring exposed servers not expecting to find much before stumbling upon an exposed server belonging to CommuteAir, containing an old No-Fly List containing over 1.5 million entries (that does, however, involve multiple aliases, so the number of unique individuals is far below that. 

As part of the blog, Maia Arson Crimew took a photo (opens in new tab) of her screen containing the sensitive information. What's slightly obscuring the screen, though, is a plush of a Sprigatito. That would be Bingle, who Crimew explains (opens in new tab) came into her possession as a thank-you gift for finding a "massive vulnerability" in a Japanese merch reseller's website. 

Naturally, the internet has had its say, which you can see the highlights of down below. 

See more
See more
See more

Since the blog’s publication, Commute Air has confirmed the legitimacy of the data to The Daily Dot (opens in new tab), explaining that the exposed infrastructure was used for testing purposes and that the list is four years old. While the exposed sever also included information on almost 1,000 CommuteAir employees, the airline maintains no customer information was breached.

Additionally, the Transportation Security Administration has confirmed that its aware of the cybersecurity incident and is investigating.

Elsewhere in the Pokemon fandom, the owner of that valuable Pokemon Yellow copy destroyed by US customs says they were shocked by "senseless damage".

Deputy News Editor

Iain joins the GamesRadar team as Deputy News Editor following stints at PCGamesN and PocketGamer.Biz, with some freelance for Kotaku UK, RockPaperShotgun, and VG24/7 thrown in for good measure. When not helping Ali run the news team, he can be found digging into communities for stories – the sillier the better. When he isn’t pillaging the depths of Final Fantasy 14 for a swanky new hat, you’ll find him amassing an army of Pokemon plushies.