RailYatri Server Breached, Data Of 7 Lakh Users Exposed

RailYatri Server Breached, Data Of 7 Lakh Users Exposed

RailYatri Server Breached, Data Of 7 Lakh Users Exposed

Indian travel marketplace RailYatri’s server was breached on August 9, with all information on the company’s production server exposed

Reportedly, the data breach affected 7 lakh users on the platform, exposing their personal information such as names, email addresses, as well as partial information of their credit/debit cards

RailYatri denied the claims, saying that the server breached was a test server which didn’t store any information for more than 24 hours

Government-sanctioned Indian travel marketplace RailYatri witnessed a security breach on August 9, one which exposed the data of 7 lakh users on the platform. 

According to a report by antivirus review website Safety Detectives, the security team discovered the data breach on August 10, a day after the data was compromised, with all information on the company’s production server, left exposed, without password protection or encryption, to anyone who knew the server’s IP address. The report mentioned that the data breach led to a loss of 43 GB of data.

The report adds that while the security team at Safety Detectives tried to alert the target website RailYatri about the same on August 10, no action was taken to secure the server until August 17, when the team alerted the Indian Computer Emergency Response Team (CERT-In), the nodal authority for dealing cybersecurity threats. The server was taken offline on August 18. 

Further, the leaked data included user information such as full names, age, gender, addresses, email addresses, mobile numbers, payment logs, partial records of credit and debit card information, UPI IDs, train and bus ticket booking details, travel itinerary, authentication token information and user session logs. 

“Possibly the most damaging aspect of the data breach is the fact that our security team discovered partial credit and debit card payment logs including the name on the card, the first and last 4 digits of the card number, the card-issuing bank and card expiry information,” the report added.

“Thankfully, the leaked payment information was suppressed to reveal only partial copies of card numbers. This drastically reduces the chance of a malicious financial scam; however, resourceful hackers could still use the information on the server to launch phishing scams to induce victims to hand over their financial information.”

In an official statement released on Monday, RailYatri refuted the claims of a data breach, saying that the sever reported to have been compromised was a test server. While the company spokesperson argued that it was ‘impossible’ that 7 lakh email addresses were leaked since all data older than 24 hours is automatically deleted from the server, Safety Detectives’ security expert Anurag Sen was unconvinced, adding that on the day his team discovered the data breach, the server contained information from four days prior, August 6. 

India Remains Vulnerable To Cyber Attacks

According to an Inc42 report from January this year, government data shows that in 2019 alone, India witnessed 3.94 lakh instances of cybersecurity breaches. In terms of hacking of state and central government websites, Indian Computer Emergency Response Team (CERT-In) data shows that a total of 336 websites belonging to central ministries, departments and state governments were hacked between 2017 and 2019. 

According to Nasscom’s Data Security Council of India (DSCI) report 2019, India witnessed the second-highest number of cyberattacks in the world between 2016 and 2018. This comes at a time when digitisation of the Indian economy is predicted to result in a $435 Bn opportunity by 2025.

In a bid to control the growing incidents of cybercrime in the country, the government, in February this year, set up a National Cyber Research, Innovation and Capacity Building Centre in Hyderabad, Telangana. 

You have reached your limit of free stories

want to read the full story?

Unlock This Story & Enjoy All Members-Only Benefits With Inc42 Plus.

Unlock 60% OFF
Cancel Anytime
Unlock 50% OFF
Cancel Anytime
Already A Member?

Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

RailYatri Server Breached, Data Of 7 Lakh Users Exposed-Inc42 Media

How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

RailYatri Server Breached, Data Of 7 Lakh Users Exposed-Inc42 Media

Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

RailYatri Server Breached, Data Of 7 Lakh Users Exposed-Inc42 Media

Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

RailYatri Server Breached, Data Of 7 Lakh Users Exposed-Inc42 Media
RailYatri Server Breached, Data Of 7 Lakh Users Exposed-Inc42 Media

You’re in Good company