Along with personal information, the RailYatri hack has also exposed the location details of millions of travellers across India.
RailYatri, a popular Indian train ticket booking platform, has suffered a massive data breach that has exposed the personal information of over 31 million (31,062,673) users/travellers. The breach is believed to have occurred in late December 2022, with the database of sensitive information now being leaked online.
The 12 GB of leaked data includes email addresses, full names, genders, phone numbers, locations and 37,000 invoices, which could put millions of users at risk of identity theft, phishing attacks, and other cyber crimes.
Hackread.com can confirm that the database has been leaked on Breachforums, a hacker and cybercrime forum that surfaced as an alternative to the popular and now-seized Raidforums.
RailYatri and its Data Breach Yatra
RailYatri means train passenger, while Yatra stands for the journey. The RailYatri data breach is not a typical case of hackers exploiting vulnerabilities, stealing, and leaking data. In fact, it began in February 2020 when cybersecurity researcher Anurag Sen identified a misconfigured Elasticsearch server exposed to the public without any password or security authentication.
Sen noted that the server belonged to RailYatri and informed the company about the issue. The company initially denied that the server belonged to it and later claimed that it held merely test data. At that time, the server contained over 700,000 logs with over 37 million entries in total, including internal production logs.
In 2020, RailYatri managed to secure its data only when the Indian Computer Emergency Response Team (CERT-In) got involved; however, two years later, on February 16th, 2023, hackers rattled the company with yet another security breach due to a new leak.
“Back in 2020, when I reached out to RailYatri, they never replied or reached out to me, but after I contacted CERT-In, the server got closed,” Anurag told Hackread.com. “I have reported various data leaks in India; the most common issue I saw is that these companies are not getting fined due to India not having any GDPR-like law,” added Anurag.
Anurag believes that the latest data breach could have been avoided “if the company had implemented proper cybersecurity measures from the outset.”
Hackread.com advises all users to change their passwords and enable two-factor authentication on their accounts as a precautionary measure. Users are also advised to monitor their bank accounts and credit card statements for any suspicious activity.
This breach serves as a stark reminder of the increasing frequency and severity of cyber attacks, particularly in the wake of the COVID-19 pandemic, which has forced millions of people to rely on online platforms for their daily needs. It highlights the need for companies to prioritize cybersecurity measures and take all necessary steps to protect their customers’ personal information.