An estimated data of 43GB of over 700,000 passengers of Railyatri fell prey to a security glitch that led to the leakage personal information in India.This data included the names, phone numbers, email IDs, partial debit and credit card numbers, and ticket booking details as per report by The Next Web.
A team of researchers at Safety Detectives led by Anurag Sen, saw an Elasticsearch server on August 10. The researchers also confirmed that these affected servers have left the data of 700,000 people, exposed. Apart from that encryption and password protection were absent in the server for many days. Anyone with the server’s IP address could’ve gained access to the database.
There were more than 37 million records in the database. Most of them included the Unified Payments Interface ID’s, email ID’s, phone numbers, partial debit and credit card details, addresses and ticket details that were exposed in the attack.Safety Detectives reached out Computer emergency response team (CERT-In) and even RailYatri to bring the issue to their notice so that a possible fix can be released. However, neither RailYatri nor CERT-In reverted to this.
Railyatri has been downloaded over 10 million times and has a rating of 4.5 stars on the Google Play Store.