- Online travel ticket booking marketplace Railyatri users data has been breached.
- According to the reports, This breach has affected the data of 7 lakh Railyatri users.
- Reportedly, This data breach has exposed the data like name, email address, password, GPS location as well as credentials like debit/credit cards.
- Railyatri said that it was a test server that doesn’t host any of users details.
On August 9, Indian government sanctioned online travel ticket booking marketplace Railyatri noticed a security flaw in their servers, This security flaw has breached the data of 7 lakh users on the platform.
Reportedly, This data breach has affected the data of 7 lakh users on the platform. According to the reports, information like users name, email address, passwords, GPS location as well as credential details like debit/credit cards have exposed.
Furthermore, Data breach has been a significant concern in the online industry. Earlier, Facebook was alleged for data breach of millions of its users. Now, Railyatri has been alleged for the data breach of its users.
Responding to the current scenario, Railyatri spokesperson denied to this allegation, said, it was a test server and we do not store any kind of users information on it. Also, We do not store the users’ data for more than 24 hours, our system automatically deletes the users data from the servers after 24 hours. he added.
Moreover, The flaw was first reported by The Next Web team. According to the reports, the flaw was exposed by a team of security experts at cyber-firm Safety Detectives on August 10. The security firm said that the affected servers was left exposed without any security measures like encryption or password protection for several days.
According to the Safety Detectives, on August 12, a Meow bot attack lead to the deletion of nearly the entire server data. Meow Bot attack is a new type of cyber-attack that deletes unsecured databases that run ElasticSearch, Redis, or MongoDB servers.
Furthermore, Railyatri Spokesperson said that report suggesting 7,00,000 email addresses leaked in three days is factually incorrect as it would be impossible for that to happen since the server contains at most a days-worth of data.
Adding the statement, we would like to assure our users that RailYatri does not store financial and other sensitive data with the exception of some partial details. We do not store credit card data on our servers. Data privacy is of utmost importance to us, and we have taken a thorough look at the issue to address it comprehensively. We are always working on the security improvements to secure the users’ data on our platform.