Highlights:
- The security flaw in RailYatri exposed user names, payment information
- The flaw was first spotted by Safety Detectives, a cyber-security firm
- RailYatri has closed the unprotected server in questio
RailYatri is an Indian travel marketplace which was founded in 2011 and was reportedly left exposed due to inadequate security measures put in place, which has put the payment information and other personal data of lakhs of users at risk.
According to the report, that data was saved on a server which was unsecured and the online ticket-booking platform potentially exposed the personal information of more than 7 lakh passengers which includes Full Names, Phone Numbers, Addresses, E-Mail IDs, Ticket Booking Details, a Part of both Debit and Credit Card Numbers.
This flaw was first spotted by a team of cyber-security researchers on the 10th of August.
According to the report by The Next Web, the exposed Elasticsearch server was spotted by a team of researchers at cyber-security firm Safety Detectives on August 10.
The European security firm discovered that the affected server was left exposed without any encryption or password protection for several days. Safety Detectives, in its blog, said that anyone with the server’s IP address could have gained access to the full database.
Also Read: Top 10 Made In India Apps That You Should Know
The blog said that the data which amounted to almost 43 GB and mostly featured of users from India. The firm has estimated that more than 7 lakh people could have been affected by this vulnerability which was left unchecked for several days.
A national news agency tried to get in touch with RailYatri for a statement. However, the company did not respond while the report was uploaded.
When the report was written, RailYatri neither responded to The Next Web nor the Security Detectives, however, they did close the server after the security firm raised the matter with the government wing, Indian Computer Emergency Response Team (CERT-In).
On the 12th of August, a Meow boot attack led to the deletion of almost all of the server data as per the blog post of the Safety Detectives. The report from a leading news agency said, “The Meow bot is a new type of cyber-attack that deletes unsecured databases that run Elasticsearch, Redis, or MongoDB servers.”
The database in question had more than 37 million (or 3.7 crore) records which included log files. The type of information exposed due to the fault contained Full Names, Age, Sex, Physical/ E-Mail Addresses, Contact Numbers, Payment Logs, UPI IDs, Train and Bus Booking details, and Travel Itinerary information. It also carried partial records of Credit and Debit Card information along with the GPS Location Information of the users.
