Expert Commentary: Travel Site Exposed 37 Million Records Before Meow Attack

RailYatri, the company behind one of India’s most popular travel booking sites, exposed 43GB of customer and corporate data before it was deleted by the infamous “Meow” attacker. A team at SafetyDetectives discovered an Elasticsearch server without password protection or encryption on August 10. The team got no response from the company in question, government-backed travel marketplace RailYatri, but the database was eventually secured after contact was made with India’s national CERT (CERT-In). That was too late to save most of the information stored there, however: the Meow bot struck on August 12 and apparently deleted all but 1GB of the data.

Exposed by the misconfiguration were users’ full names, ages, genders, physical and email addresses, mobile phone numbers, booking details, GPS locations, and the names on payment cards together with the cards’ first and last four digits.
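The two conditions the article names, an Elasticsearch node reachable over the network with neither authentication nor TLS enabled, can be caught before a server is exposed by auditing the node's own `elasticsearch.yml`. The script below is an added example, not code from the article, SafetyDetectives or RailYatri; the two configuration samples are constructed, and the check assumes a flat dotted-key `elasticsearch.yml` and treats an unset `xpack.security.enabled` as a finding regardless of the version default.

```python
"""Audit a flat elasticsearch.yml for the misconfiguration described in the
article: a node bound to a non-loopback address with authentication
(xpack.security.enabled) or HTTP encryption (xpack.security.http.ssl.enabled)
turned off.  Added example; not the project's or the article's code."""
from typing import Dict, List

# Constructed sample: the weak layout, reachable from anywhere, no auth, no TLS.
WEAK_CONFIG = """
cluster.name: travel-search   # constructed sample, not a real cluster name
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
"""

# Constructed sample: the corrected layout for the same node.
HARDENED_CONFIG = """
cluster.name: travel-search   # constructed sample
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12   # assumed path
xpack.security.transport.ssl.enabled: true
"""

LOOPBACK_HOSTS = ("127.0.0.1", "localhost", "_local_", "::1")


def parse_flat_yaml(text: str) -> Dict[str, str]:
    """Parse dotted 'key: value' lines; comments and blank lines are ignored.
    Only the flat dotted form is handled (assumption); nested YAML blocks are
    out of scope for this check."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip('"').strip("'")
    return settings


def is_true(value: str) -> bool:
    return str(value).strip().lower() == "true"


def audit_es_config(text: str) -> List[str]:
    """Return a list of findings; an empty list means the two checks pass.
    An unset security flag is reported as a finding (conservative assumption:
    do not rely on a version-specific default)."""
    settings = parse_flat_yaml(text)
    findings: List[str] = []
    host = settings.get("network.host", "_local_")
    exposed = host not in LOOPBACK_HOSTS

    if not is_true(settings.get("xpack.security.enabled", "")):
        findings.append(
            "authentication disabled: xpack.security.enabled is not explicitly true")
    if not is_true(settings.get("xpack.security.http.ssl.enabled", "")):
        findings.append(
            "HTTP API unencrypted: xpack.security.http.ssl.enabled is not explicitly true")
    if exposed and findings:
        findings.append(
            f"node bound to {host}: the weaknesses above are reachable from the network")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{label}]")
        for finding in audit_es_config(cfg) or ["no findings"]:
            print("  -", finding)
```

Run over the weak sample the audit reports all three findings; over the hardened sample it reports none. The binding check only escalates when a security finding already exists, so a node listening on `0.0.0.0` behind proper authentication and TLS is not flagged on its own.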

Chris DeRamus, VP of Technology Cloud Security Practice, InfoSec Expert
August 25, 2020 10:18 am

The MeowBot is a recent phenomenon that some theorize is the work of a vigilante trying to teach a “hard lesson in security.” There is certainly a lesson here for RailYatri and all organizations on the consequences of leaving a server exposed without password protection or encryption. When a data leak occurs, not only does the organization have to deal with the fallout of lost information, but the personally identifiable information (PII) exposed could make individuals impacted vulnerable to phishing and scammers. In this specific incident, the exposed location data could even put these customers in physical danger if malicious actors use this PII to track travel patterns and routines to plan attacks on individuals. The significance of this data leak underscores the continuous need for identity and access management governance among organizations.

Unsecured databases have been a considerable problem for businesses, and the most effective way companies can ensure sensitive data stays out of the hands of threat actors is with Identity and Access Management (IAM) governance. Especially with entities like MeowBot on the loose, organizations need to take steps to secure their databases so only authorized users can gain access. Protecting the identity perimeter at scale from unauthorized access requires automated monitoring and remediation around access management, role management, identity authentication, and compliance auditing. This can be achieved by implementing automated security tools that rigorously protect systems and servers from IAM vulnerabilities, as well as misconfigurations, policy violations, and other threats to ensure holistic security and compliance. Such a proactive approach can prevent sensitive information from being stolen or erased by malicious actors and keep customer data safe.

Information Security Buzz