Debit cards, UPI data of 7 lakh passengers allegedly exposed due to Railyatri Security Flaw
Important financial data of several employees might have been compromised due to a security flaw in Railyatri, a new report has claimed. The platform was reportedly left exposed due to inadequate security measures, that put the payment information and other personal data of lakhs of users at risk.
Important financial data of several employees might have been compromised due to a security flaw in Railyatri, a new report has claimed. The platform was reportedly left exposed due to inadequate security measures, that put the payment information and other personal data of lakhs of users at risk.
As reported by The Next Web, the data was saved on an unsecured server, and the ticket-booking platform potentially exposed personal information of over 7 lakh passengers. This includes full names, phone numbers, addresses, email IDs, ticket booking details, and partial credit or debit card numbers. The vulnerability that was first spotted by a team of cyber-security researchers on August 10.
The exposed Elasticsearch server was spotted by a team of researchers at cyber-security firm Safety Detectives on August 10. The security firm claimed that the affected server was left exposed without any encryption or password protection for several days.
WATCH Zee Business TV LIVE Streaming Online
Safety Detectives said in its blog that anyone with the server's IP address could have gained access to the full database. The blog pointed out that the data, amounting to nearly 43GB, mostly featured users based in India. The firm estimated that over 7 lakh individuals were likely affected by the vulnerability.
A RailYatri spokesperson told Zee Business that its team was instantly on its feet in efforts to resolve the issue as soon as it was brought to their notice by CERT-in (Indian Computer Emergency Response team.
“Post receiving the information, the testing server port was plugged immediately from the network. The server in question was a test server, and some of our logs were partially replicated on the same. As a general protocol, any and all data older than 24 hours are automatically deleted from the server. Further, we would like to clarify that report suggesting 7,00,000 email addresses leaked in 3 days is factually incorrect as it would be impossible for that to happen since the server contains at most a days-worth of data,” the statement read.
It further claimed that RailYatri does not store financial and other sensitive data with the exception of some partial details.
“We do not store credit card data on our servers. Data privacy is of utmost importance to us, and we have taken a thorough look at the issue to address it comprehensively. We are committed to the safety of user data,” it added.
However, it has closed the server after the security firm raised the matter with the government wing, Indian Computer Emergency Response Team (CERT-In).
The privacy breach can easily lead to the information being used for phishing or other scams. This can also cause physical security issues as people with malicious intents can misuse the location and travel plan details.
Get Latest Business News, Stock Market Updates and Videos; Check your tax outgo through Income Tax Calculator and save money through our Personal Finance coverage. Check Business Breaking News Live on Zee Business Twitter and Facebook. Subscribe on YouTube.
RECOMMENDED STORIES
Top 7 Mutual Funds With Highest SIP Returns in 1 Year: Rs 33,333 monthly SIP investment in No. 1 scheme has generated Rs 4.77 lakh; know about others too
Rs 55 lakh Home Loan vs Rs 55 lakh SIP investment: Which can be faster route to arrange money for Rs 61 lakh home? Know here
Rs 4,000 Monthly SIP for 33 years vs Rs 40,000 Monthly SIP for 15 Years: Which can give you higher corpus in long term? See calculations
SBI 444-day FD vs PNB 400-day FD: Here's what general and senior citizens will get in maturity on Rs 3.5 lakh and 7 lakh investments in special FDs?
Latest FD Rates: Know what SBI, PNB, Canara Bank, HDFC Bank, ICICI Bank are providing on 1-year, 3-year and 5-year fixed deposits
10:34 AM IST