RailYatri Server Breached, Data Of 7 Lakh Users Exposed

Government-sanctioned Indian travel marketplace RailYatri witnessed a security breach on August 9, one which exposed the data of 7 lakh users on the platform. 

According to a report by antivirus review website Safety Detectives, the security team discovered the data breach on August 10, a day after the data was compromised, with all information on the company’s production server, left exposed, without password protection or encryption, to anyone who knew the server’s IP address. The report mentioned that the data breach led to a loss of 43 GB of data.

The report adds that while the security team at Safety Detectives tried to alert the target website RailYatri about the same on August 10, no action was taken to secure the server until August 17, when the team alerted the Indian Computer Emergency Response Team (CERT-In), the nodal authority for dealing cybersecurity threats. The server was taken offline on August 18. 

Further, the leaked data included user information such as full names, age, gender, addresses, email addresses, mobile numbers, payment logs, partial records of credit and debit card information, UPI IDs, train and bus ticket booking details, travel itinerary, authentication token information and user session logs. 

“Possibly the most damaging aspect of the data breach is the fact that our security team discovered partial credit and debit card payment logs including the name on the card, the first and last 4 digits of the card number, the card-issuing bank and card expiry information,” the report added.

“Thankfully, the leaked payment information was suppressed to reveal only partial copies of card numbers. This drastically reduces the chance of a malicious financial scam; however, resourceful hackers could still use the information on the server to launch phishing scams to induce victims to hand over their financial information.”

In an official statement released on Monday, RailYatri refuted the claims of a data breach, saying that the sever reported to have been compromised was a test server. While the company spokesperson argued that it was ‘impossible’ that 7 lakh email addresses were leaked since all data older than 24 hours is automatically deleted from the server, Safety Detectives’ security expert Anurag Sen was unconvinced, adding that on the day his team discovered the data breach, the server contained information from four days prior, August 6. 

India Remains Vulnerable To Cyber Attacks

According to an Inc42 report from January this year, government data shows that in 2019 alone, India witnessed 3.94 lakh instances of cybersecurity breaches. In terms of hacking of state and central government websites, Indian Computer Emergency Response Team (CERT-In) data shows that a total of 336 websites belonging to central ministries, departments and state governments were hacked between 2017 and 2019. 

According to Nasscom’s Data Security Council of India (DSCI) report 2019, India witnessed the second-highest number of cyberattacks in the world between 2016 and 2018. This comes at a time when digitisation of the Indian economy is predicted to result in a $435 Bn opportunity by 2025.

In a bid to control the growing incidents of cybercrime in the country, the government, in February this year, set up a National Cyber Research, Innovation and Capacity Building Centre in Hyderabad, Telangana. 

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.