The data of over 7 lakh RailYatri users has reportedly been leaked via an unsecured server due to inadequate security measures. According to a report by TheNextWeb, the database included full names, phone numbers, addresses, email IDs, ticket booking details, UPI IDs, GPS location, and partial debit and credit card numbers. The breach, which put a huge number of users’ data at risk, was spotted by a team of cybersecurity researchers on August 10.
According to the cybersecurity firm Safety Detectives, the affected server was left exposed for several days with no encryption or password protection. The exposure was such that anyone who had the server's IP address could have accessed 43GB of data, the cybersecurity firm revealed in a blog. However, RailYatri denied the alleged data breach and released a statement.
Full statement from RailYatri spokesperson
“At RailYatri, we take the safety and privacy of our user-base seriously, and as soon as the issue was brought to our notice by CERT-In (Indian Computer Emergency Response Team) a week back, our team was instantly on its feet in efforts to resolve the issue then and there. Post receiving the information, the testing server port was plugged immediately from the network. The server in question was a test server, and some of our logs were partially replicated on the same. As a general protocol, any and all data older than 24 hours are automatically deleted from the server. Further, we would like to clarify that the report suggesting 7,00,000 email addresses leaked in three days is factually incorrect as it would be impossible for that to happen since the server contains at most a day's worth of data.
Having said so, we would like to assure our users that RailYatri does not store financial and other sensitive data with the exception of some partial details. We do not store credit card data on our servers. Data privacy is of utmost importance to us, and we have taken a thorough look at the issue to address it comprehensively. We are committed to the safety of user data.”
The server was closed after the security firm raised the issue with the Indian Computer Emergency Response Team (CERT-In). The Meow bot targets unsecured databases running on Elasticsearch, Redis, or MongoDB servers and deletes their data. The alleged bot attack led to the deletion of almost all of the server's data, which comprised 37 million records including log files, the cybersecurity firm further revealed.