Update: RailYatri contacted us, and provided us with an update:
“We would like to clarify that recent media reports about a fresh leak at RailYatri are false and baseless. The breach occurred in December 2022, and we immediately took steps to address the issue within a few hours.
We take security seriously at RailYatri and post the last breach, we have taken further steps to enhance our security systems by working with two CERT-In empanelled auditors to conduct a deeper investigation. Our commitment to ensuring the safety and security of our users’ data remains our top priority.“
RailYatri, a popular Indian train ticket booking platform, has suffered a massive data breach that has exposed the personal information of over 31 million (31,062,673) users/travelers.
This is believed to have occurred in late December 2022.
This is the second incident nearly three years after the government-sanctioned ticketing platform suffered a data breach, exposing user data of some 7 Lakh users.
What happened this time around?
The leaked data amounts to 12 GB containing email addresses, full names, genders, phone numbers, locations and 37,000 invoices which could put millions of users at risk of identity theft, phishing attacks, and other cyber crimes.
The database has been leaked on Breachforums, a hacker and cybercrime forum that surfaced as an alternative to the popular and now-seized Raidforums.
The RailYatri data breach is not a typical case of hackers exploiting vulnerabilities.
What happened back then?
Rather, it began in February 2020 when cybersecurity researcher Anurag Sen identified a misconfigured Elasticsearch server exposed to the public without any password or security authentication.
He identified a misconfigured Elasticsearch server exposed to the public without any password or security authentication.
He then went on to note that the server belonged to RailYatri and informed the company about the issue, which initially denied that it belonged to them.
Going forward the company claimed that it was merely test data.
At that time, the server contained over 700,000 logs with over 37 million entries in total including internal production logs.
CERT intervention
However, after the Indian Computer Emergency Response Team (CERT-In) got involved in August 2020, the company claimed that it was a test server and later secured it. “Back in 2020, when I reached out to Railyatri, they never replied or reached out to me, but after I contacted CERT-In, the server got closed,” Sen told Inc42.
Then two years later, on February 16th, 2023, hackers rattled the company with yet another security breach due to a new leak.
“Back in 2020, when I reached out to Railyatri, they never replied or reached out to me, but after I contacted Cert-In, the server got closed,” Anurag told Hackread.com.
“I have reported various data leaks in India; the most common issue I saw is that these companies are not getting fined due to India not having any GDPR-like law,” added Anurag.
He believes that the latest data breach could have been avoided “if the company had implemented proper cybersecurity measures from the outset.”
How to protect oneself
Users are advised to change their passwords and enable two-factor authentication on their accounts as a precautionary measure.
Other safety measures include keeping a check on their bank accounts and credit card statements for any suspicious activity.
This particular incident should be a stark reminder of the increasing frequency and severity of cyber attacks, particularly in the wake of the pandemic which has forced millions of people to rely on online platforms for their daily needs.
Further, It highlights the need for companies to prioritize cybersecurity measures and take all necessary steps to protect their customers’ personal information.
India unsafe
Unfortunately, India is one of the more vulnerable nations in the world when it comes to cyberattacks.
A recent government report noted that the country had 13.91 Lakh cybersecurity incidents last year, as tracked by it.
