Security researchers accessed the database by using easily guessable password combinations
Personal data of the fliers was stored in an unencrypted database backup file
Personal information such as name, phone number, and email address was compromised
While data breaches are common for internet companies, a new data breach has affected one of India’s largest airlines, SpiceJet. According to TechCrunch, the latest data breach compromised personal details of 1.2 Mn passengers of SpiceJet.
On how the breach occurred in the first place, security researchers said that they got access to SpiceJet’s database by using easily guessable password combinations. The personal data of passengers was stored in an unencrypted database backup file, according to the security researchers who work as white-hat security professionals aka ethical hackers.
Personal information of passengers including names, phone numbers, email addresses, and dates of birth was stored in the database. Additionally, information related to SpiceJet flights was also easily accessible for anyone who knew where to look, the security researchers added. The leaked information also includes personal details of government officials.
Does SpiceJet Value Personal Data?
The security experts further said that they had approached SpiceJet about the data breach but much to their surprise, the company never sent an appropriate response to the discovery.
With SpiceJet not taking any serious action towards the data breach, the researchers then alerted the Indian Computer Emergency Response Team (CERT-In). The nodal body commissioned for preventing cybersecurity attacks in India then alerted SpiceJet about the breach. It was after CERT-In’s alert that finally got SpiceJet to take action and secure the database.
In response to the data breach, SpiceJet said that it respects the safety and security of its fliers’ data. “Our systems are fully capable and always up to date to secure the fliers’ data which is a continuous process,” the airline company added. SpiceJet has a market share of 13% in India’s aviation market and it flies around 600 aeroplanes each day on average.
In India, the number of data breaches have ramped up in the past few years. According to a new Data Security Council of India (DSCI) report, India has been identified as the second most cyberattacks affected country between 2016 to 2018. Besides the like of large internet organisations such as WhatsApp, Facebook, and Google, companies such as OnePlus and JustDial have also faced the wrath of data breaches.
In November 2019, Chinese smartphone maker OnePlus had announced a security breach that affected some of its users, including India and other countries. On the other hand, a major security flaw was found on the mobile application of Indian hyperlocal search engine JustDial in October 2019.