Data stored on the unsecured server included users’ full names, phone numbers, home addresses, email addresses, ticket booking details, and even credit and debit card numbers. The flaw was first reported by the cyber-security research team on 10 August.
RailYatri, an Indian ticketing platform, has put the payment information and personal data of millions of users at risk through inadequate security. According to the report, RailYatri had saved users’ data on an unsecured server, from which the personal data of 7 lakh users could easily be accessed. The exposed data included users’ full names, phone numbers, home addresses, email addresses, ticket booking details and even credit and debit card numbers. The flaw was first revealed by the cyber-security research team on 10 August. The findings come from cyber-security firm Safety Detectives, as reported by The Next Web.
The team of researchers first spotted the Elasticsearch server on 10 August. The team found that the affected server had been accessible for several days without any encryption or password protection. Safety Detectives stated in its blog that anyone with the server’s IP address could access the entire database.
The blog also reported that 43 GB of data was available on the server, most of it belonging to Indian users. The firm estimated that more than 7 million people could be affected by the platform’s flaw.
A company spokesperson claimed that the company does not store “financial and other sensitive data” and said that credit card details are not stored on the server. The spokesperson also said that only one day’s data is kept on the RailYatri server and that data older than 24 hours is automatically deleted. On that basis, the company has denied that the data of more than 7 lakh people was leaked.
In its blog post, Safety Detectives reported that on August 12 the Meow bot deleted almost all of the server’s data. The Meow bot is a new type of cyber-attack that deletes unsecured databases running on Elasticsearch, Redis or MongoDB servers.