Although the RailYatri attack occurred in December 2022, the stolen data was only recently made public on a well-known hacker forum. In addition to exposing personal information, the RailYatri hack revealed the locations of millions of travelers throughout India.
A significant data breach at the well-known Indian railway ticketing website RailYatri exposed the private data of nearly 31 million (31,062,673) subscribers and travelers. The breach is thought to have happened in late December 2022, and the database of private data is currently being published online.
Email addresses, complete names, genders, phone numbers, and locations are among the data that has been hacked, putting millions of people at risk of identity theft, phishing scams, and other online crimes.
The database has been exposed on Breachforums, a hacker and criminal site that emerged as a rival to the well-known and now-seized Raidforums.
The passenger on a train is referred to as a RailYatri, while a Yatra is a journey. The RailYatri data breach is not a typical instance of hackers taking advantage of flaws, collecting data, and releasing it. It all started in February 2020 when cybersecurity expert Anurag Sen discovered a misconfigured Elasticsearch server accessible to everyone online without a security password or any authentication.
Sen informed RailYatri of the problem and pointed out that the server belonged to them; at first, they disputed ownership. Later, the business said it was just test data. The server had about 37 million entries in total, including internal production logs and over 700,000 logs at that time.
Only when the Indian Computer Emergency Response Team (CERT-In) intervened in 2020 did RailYatri secure its data. Two years later, on February 16, 2023, the business was shaken by yet another security breach when a new leak surfaced.
Numerous Data Exposures at RailYatri
“Back in 2020, when I contacted Railyatri, they never reacted or reached out to me, but once I contacted Cert-In, the server got shut down.” Anurag continued, “I have reported numerous data leaks in India; the main problem I observed is that these corporations are not receiving fines because India does not have a GDPR-like statute.”
According to Anurag, the most recent data leak could have been prevented “if the organization had put in place suitable cybersecurity procedures from the beginning.”
It is recommended that all users change their passwords frequently and turn on two-factor authentication for added security. Users have also been encouraged to keep an eye on their credit card and bank statements for any strange activity.
With the COVID-19 epidemic having caused millions of people to rely on internet platforms for their everyday necessities, this breach serves as a sharp reminder of the increasing regularity and severity of cyber attacks. It emphasizes the necessity for businesses to prioritize cybersecurity measures and take all required precautions to secure their consumers’ personal information.
Conclusion
A threat actor posing as RailYatri on BreachForums released a database of more than 30 million users on February 16. With the most recent hack at the e-booking services website RailYatri, Indian Railways’ cybersecurity practices are once again being questioned.
Concern and criticism are flying after it was discovered that over 30 million user records connected to the train ticketing platform were being traded on the dark web. According to the post, the Indian Railway Catering and Tourism Corporation (IRCTC)-approved travel booking app experienced a data breach in December of last year, during which the personal information of 31 million users was stolen.