RailYatri Data breach – Over 31 Million Users Data Exposed

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Post Sharing

India’s government-approved online travel agency, RailYatri suffered a massive data breach, exposing the personal information of over 31 million people. The database of private information has been released online, and the breach is suspected to have happened in late December 2022.

The Indian Railway Catering and Tourism Corporation (IRCTC) bus and train tickets are available for purchase on RailYatri’s website. Users may also check live train timings, trip status, offline timetables, seat availability, and offline GPS train status.

The RailYatri data breach is not a common instance of hackers taking advantage of flaws, collecting data, and releasing it. 

Actually, reports say it all started in 2020 when cybersecurity expert Anurag Sen discovered a misconfigured Elasticsearch server that was accessible to everyone online without a security password or any authentication.

List Of The Types Of Data Found On Railyatri’s Unprotected Server:

  • Full names
  • Age
  • Gender
  • Physical addresses
  • Email addresses
  • Mobile phone numbers
  • Payment logs
  • Partial records of credit and debit card information
  • Unified Payment Interface (UPI) ID
  • Train and bus ticket booking details
  • Travel itinerary information including which stations passengers boarded/disembarked
  • Users’ GPS location information including MCC, MNC, LAC, and CellID data:

MCC: mobile country code to identify the country

MNC: mobile network code to identify the mobile operator

LAC: location area code to identify pockets of base stations

CellID: unique number to identify each base transceiver station or sector

  • Authentication token information
  • User session logs including login times

It was found that the partial credit and debit card payment logs including the name on the card, the first and last four digits of the card number, the card-issuing bank, and card expiry information possibly the most damaging aspect of the data breach.

RailYatri’s data exposure in 2020 Via @safetydetectives

RailYatri’s database was attacked by a malicious bot called Meow on August 12, 2020, with the vast majority of data being deleted during the intrusion. The database’s size had shrunk from 43GB to 1GB at the time of the most recent check on 13 August 2020, despite the fact that new data is being added on a daily basis.

Notably, despite some duplicates, the database contained over 700,000 email addresses, indicating that the breach affected approximately 700,000 people.

Details of the Leak

Anurag believes that the latest data breach could have been avoided “If the company had implemented proper cyber security measures from the outset.”

Effects of the Data Breach

There are many obvious risks associated with disclosing personally identifiable information (PII). Malicious actors can gather any small nugget of information that seems harmless and utilize it later with other data to trick their intended victim.

Users’ contact information may be utilized in a variety of frauds, and personal data exposed in the hack may be used to induce malware downloads and click-throughs.

As users purchased tickets through RailYatri, the server recorded the users’ locations and also provided integrated GPS capabilities to follow the progress of their travel. Hackers might use this information to find the user’s closest cell tower and, possibly, the user’s true location, including their present address.

Regular train passengers produce distinct and recognizable travel patterns that bad actors could utilize to execute violent crimes against the person directly.

How Can You Protect Your Personal Data?

  • Be sure the website is secure before entering any personal information that could get you into problems if it became public, such as government ID numbers.
  • Using a combination of letters, numbers, and symbols, create secure passwords.
  • Never click links in emails unless you are certain that the sender is trustworthy.
  • Check all of your social media accounts to confirm that your postings are private. 
  • Avoid entering passwords and credit card information on unprotected Wi-Fi networks.
  • Learn more about what constitutes cybercrime, the most effective safeguards against phishing scams, and how to stay clear of ransomware.

Network Security Checklist – Download Free E-Book