RailYatri, the company behind one of India’s most popular travel booking sites, exposed 43GB of customer and corporate data before it was deleted by the infamous “Meow” attacker. A team at SafetyDetectives discovered an Elasticsearch server without password protection or encryption on August 10. The team failed to get a response from the company, the government-backed travel marketplace RailYatri, but the database was eventually secured after contact was made with India’s national CERT (CERT-In). However, that was too late to save most of the information stored there: the Meow bot struck on August 12 and apparently deleted all but 1GB of the data.
Exposed in the misconfiguration were users’ full names, age, gender, physical and email addresses, mobile phone numbers, booking details, GPS location, and the names and first and last four digits of payment cards.