{"id":1243155,"date":"2023-02-23T11:30:14","date_gmt":"2023-02-23T06:00:14","guid":{"rendered":"https:\/\/trak.in\/stories\/?p=1243155"},"modified":"2023-02-24T17:04:42","modified_gmt":"2023-02-24T11:34:42","slug":"irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale","status":"publish","type":"post","link":"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/","title":{"rendered":"IRCTC-Approved Ticketing App Was Hacked In December: Data Of 3.1 Cr Passengers Was Put On Sale | Issue Was Resolved In Hours"},"content":{"rendered":"\n

Update: RailYatri contacted us, and provided us with an update:<\/em><\/strong><\/p>\n\n\n\n

We would like to clarify that recent media reports about a fresh leak at RailYatri are false and baseless. The breach occurred in December 2022, and we immediately took steps to address the issue within a few hours.<\/strong><\/em><\/p>\n\n\n\n

We take security seriously at RailYatri and post the last breach, we have taken further steps to enhance our security systems by working with two CERT-In empanelled auditors to conduct a deeper investigation. Our commitment to ensuring the safety and security of our users’ data remains our top priority.<\/em>“
<\/strong><\/p>\n\n\n\n

RailYatri, a popular Indian train ticket booking platform, has suffered a massive data breach that has exposed the personal information of over 31 million (31,062,673) users\/travelers.\u00a0<\/p>\n\n\n\n

\"IRCTC-Approved<\/figure>\n\n\n\n

This is believed to have occurred in late December 2022.<\/p>\n\n\n\n

This is the second incident nearly three years after <\/a>the government-sanctioned ticketing platform suffered a data breach, exposing user data of some 7 Lakh users.<\/p>\n\n\n\n

What happened this time around?<\/strong><\/p>\n\n\n\n

The leaked data amounts to 12 GB containing email addresses, full names, genders, phone numbers, locations and 37,000 invoices which could put millions of users at risk of identity theft, phishing attacks, and other cyber crimes.<\/p>\n\n\n\n

The database has been leaked <\/a>on Breachforums, a hacker and cybercrime forum that surfaced as an alternative to the popular and now-seized Raidforums.<\/p>\n\n\n\n

The RailYatri data breach is not a typical case of hackers exploiting vulnerabilities.<\/p>\n\n\n\n

What happened back then?<\/strong><\/p>\n\n\n\n

Rather, it began in February 2020 when cybersecurity researcher Anurag Sen identified a misconfigured Elasticsearch server exposed to the public without any password or security authentication.<\/p>\n\n\n\n

He identified a misconfigured Elasticsearch server exposed to the public without <\/a>any password or security authentication.<\/p>\n\n\n\n

He then went on to note that the server belonged to RailYatri and informed the company about the issue, which initially denied that it belonged to them. <\/p>\n\n\n\n

Going forward the company claimed that it was merely test data. <\/p>\n\n\n\n

At that time, the server contained over 700,000 logs with over 37 million entries in total including internal production logs.<\/p>\n\n\n\n

CERT intervention<\/strong><\/p>\n\n\n\n

However, after the Indian Computer Emergency Response Team (CERT-In) got involved <\/a>in August 2020, the company claimed that it was a test server and later secured it. \u201cBack in 2020, when I reached out to Railyatri, they never replied or reached out to me, but after I contacted CERT-In, the server got closed,\u201d Sen told Inc42.<\/p>\n\n\n\n

Then two years later, on February 16th, 2023, hackers rattled the company with yet another security breach due to a new leak.<\/p>\n\n\n\n

\u201cBack in 2020, when I reached out to Railyatri, they never replied or reached out to me, but after I contacted Cert-In, the server got closed,\u201d Anurag told Hackread.com. <\/p>\n\n\n\n

\u201cI have reported various data leaks in India; the most common issue I saw is that these companies are not getting fined due to India not having any GDPR-like law,\u201d added Anurag.<\/p>\n\n\n\n

He believes that the latest data breach could have been avoided \u201cif the company had implemented proper cybersecurity measures from the outset.\u201d<\/p>\n\n\n\n

How to protect oneself<\/strong><\/p>\n\n\n\n

Users are advised to change their passwords and enable two-factor authentication on their accounts as a precautionary measure.<\/p>\n\n\n\n

Other safety measures include keeping a check on their bank accounts and credit card statements for any suspicious activity.<\/p>\n\n\n\n

This particular incident should be a stark reminder of the increasing frequency and severity of cyber attacks, particularly in the wake of the pandemic which has forced millions of people to rely on online platforms for their daily needs.<\/p>\n\n\n\n

Further, It highlights the need for companies to prioritize cybersecurity measures and take all necessary <\/a>steps to protect their customers\u2019 personal information.<\/p>\n\n\n\n

India unsafe<\/strong><\/p>\n\n\n\n

Unfortunately, India is one of the more vulnerable nations in the world when it comes to cyberattacks.<\/p>\n\n\n\n

A recent government report noted <\/a>that the country had 13.91 Lakh cybersecurity incidents last year, as tracked by it. <\/p>\n","protected":false},"excerpt":{"rendered":"

Update: RailYatri contacted us, and provided us with an update: “We would like to clarify that recent media reports about a fresh leak at RailYatri are false and baseless. The breach occurred in December 2022, and we immediately took steps to address the issue within a few hours. We take security seriously at RailYatri and […]<\/p>\n","protected":false},"author":24,"featured_media":1243160,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[135],"tags":[939,213,938],"class_list":["post-1243155","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-indian-railways","tag-data-hack","tag-irctc","tag-railyatri"],"acf":[],"yoast_head":"\nIRCTC-Approved Ticketing App Was Hacked In December: Data Of 3.1 Cr Passengers Was Put On Sale | Issue Was Resolved In Hours - Trak.in - Indian Business of Tech, Mobile & Startups<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"IRCTC-Approved Ticketing App Was Hacked In December: Data Of 3.1 Cr Passengers Was Put On Sale | Issue Was Resolved In Hours - Trak.in - Indian Business of Tech, Mobile & Startups\" \/>\n<meta property=\"og:description\" content=\"Update: RailYatri contacted us, and provided us with an update: “We would like to clarify that recent media reports about a fresh leak at RailYatri are false and baseless. The breach occurred in December 2022, and we immediately took steps to address the issue within a few hours. We take security seriously at RailYatri and […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/\" \/>\n<meta property=\"og:site_name\" content=\"Trak.in - Indian Business of Tech, Mobile & Startups\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-23T06:00:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-02-24T11:34:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/trak.in\/stories\/wp-content\/uploads\/2023\/02\/Untitled-design-13-2-1280x720-1.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Shreya Bose\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Shreya Bose\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/\",\"url\":\"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/\",\"name\":\"IRCTC-Approved Ticketing App Was Hacked In December: Data Of 3.1 Cr Passengers Was Put On Sale | Issue Was Resolved In Hours - Trak.in - Indian Business of Tech, Mobile & Startups\",\"isPartOf\":{\"@id\":\"https:\/\/trak.in\/stories\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/trak.in\/stories\/wp-content\/uploads\/2023\/02\/Untitled-design-13-2-1280x720-1.jpeg\",\"datePublished\":\"2023-02-23T06:00:14+00:00\",\"dateModified\":\"2023-02-24T11:34:42+00:00\",\"author\":{\"@id\":\"https:\/\/trak.in\/stories\/#\/schema\/person\/9817221c96a9aadc34f34cc7b8767dc6\"},\"breadcrumb\":{\"@id\":\"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/#primaryimage\",\"url\":\"https:\/\/trak.in\/stories\/wp-content\/uploads\/2023\/02\/Untitled-design-13-2-1280x720-1.jpeg\",\"contentUrl\":\"https:\/\/trak.in\/stories\/wp-content\/uploads\/2023\/02\/Untitled-design-13-2-1280x720-1.jpeg\",\"width\":1280,\"height\":720},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/trak.in\/stories\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"IRCTC-Approved Ticketing App Was Hacked In December: Data Of 3.1 Cr Passengers Was Put On Sale | Issue Was Resolved In Hours\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/trak.in\/stories\/#website\",\"url\":\"https:\/\/trak.in\/stories\/\",\"name\":\"Trak.in - Indian Business of Tech, Mobile & Startups\",\"description\":\"Trak.in is a popular Indian Business, Technology, Mobile & Startup blog featuring trending News, views and analytical take on Technology, Business, Finance, Telecom, Mobile, startups & Social Media Space\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/trak.in\/stories\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/trak.in\/stories\/#\/schema\/person\/9817221c96a9aadc34f34cc7b8767dc6\",\"name\":\"Shreya Bose\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/trak.in\/stories\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1404d637610526a87c014a8eac9883a6c61491f1e6553d1946b0dd0b135713be?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1404d637610526a87c014a8eac9883a6c61491f1e6553d1946b0dd0b135713be?s=96&d=mm&r=g\",\"caption\":\"Shreya Bose\"},\"url\":\"https:\/\/trak.in\/stories\/author\/shreya-bose\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"IRCTC-Approved Ticketing App Was Hacked In December: Data Of 3.1 Cr Passengers Was Put On Sale | Issue Was Resolved In Hours - Trak.in - Indian Business of Tech, Mobile & Startups","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/","og_locale":"en_US","og_type":"article","og_title":"IRCTC-Approved Ticketing App Was Hacked In December: Data Of 3.1 Cr Passengers Was Put On Sale | Issue Was Resolved In Hours - Trak.in - Indian Business of Tech, Mobile & Startups","og_description":"Update: RailYatri contacted us, and provided us with an update: “We would like to clarify that recent media reports about a fresh leak at RailYatri are false and baseless. The breach occurred in December 2022, and we immediately took steps to address the issue within a few hours. We take security seriously at RailYatri and […]","og_url":"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/","og_site_name":"Trak.in - Indian Business of Tech, Mobile & Startups","article_published_time":"2023-02-23T06:00:14+00:00","article_modified_time":"2023-02-24T11:34:42+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/trak.in\/stories\/wp-content\/uploads\/2023\/02\/Untitled-design-13-2-1280x720-1.jpeg","type":"image\/jpeg"}],"author":"Shreya Bose","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Shreya Bose","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/","url":"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/","name":"IRCTC-Approved Ticketing App Was Hacked In December: Data Of 3.1 Cr Passengers Was Put On Sale | Issue Was Resolved In Hours - Trak.in - Indian Business of Tech, Mobile & Startups","isPartOf":{"@id":"https:\/\/trak.in\/stories\/#website"},"primaryImageOfPage":{"@id":"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/#primaryimage"},"image":{"@id":"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/#primaryimage"},"thumbnailUrl":"https:\/\/trak.in\/stories\/wp-content\/uploads\/2023\/02\/Untitled-design-13-2-1280x720-1.jpeg","datePublished":"2023-02-23T06:00:14+00:00","dateModified":"2023-02-24T11:34:42+00:00","author":{"@id":"https:\/\/trak.in\/stories\/#\/schema\/person\/9817221c96a9aadc34f34cc7b8767dc6"},"breadcrumb":{"@id":"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/#primaryimage","url":"https:\/\/trak.in\/stories\/wp-content\/uploads\/2023\/02\/Untitled-design-13-2-1280x720-1.jpeg","contentUrl":"https:\/\/trak.in\/stories\/wp-content\/uploads\/2023\/02\/Untitled-design-13-2-1280x720-1.jpeg","width":1280,"height":720},{"@type":"BreadcrumbList","@id":"https:\/\/trak.in\/stories\/irctc-approved-ticketing-app-hacked-sensitive-data-of-3-1-cr-passengers-on-sale\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/trak.in\/stories\/"},{"@type":"ListItem","position":2,"name":"IRCTC-Approved Ticketing App Was Hacked In December: Data Of 3.1 Cr Passengers Was Put On Sale | Issue Was Resolved In Hours"}]},{"@type":"WebSite","@id":"https:\/\/trak.in\/stories\/#website","url":"https:\/\/trak.in\/stories\/","name":"Trak.in - Indian Business of Tech, Mobile & Startups","description":"Trak.in is a popular Indian Business, Technology, Mobile & Startup blog featuring trending News, views and analytical take on Technology, Business, Finance, Telecom, Mobile, startups & Social Media Space","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/trak.in\/stories\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/trak.in\/stories\/#\/schema\/person\/9817221c96a9aadc34f34cc7b8767dc6","name":"Shreya Bose","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/trak.in\/stories\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/1404d637610526a87c014a8eac9883a6c61491f1e6553d1946b0dd0b135713be?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1404d637610526a87c014a8eac9883a6c61491f1e6553d1946b0dd0b135713be?s=96&d=mm&r=g","caption":"Shreya Bose"},"url":"https:\/\/trak.in\/stories\/author\/shreya-bose\/"}]}},"jetpack_featured_media_url":"https:\/\/trak.in\/stories\/wp-content\/uploads\/2023\/02\/Untitled-design-13-2-1280x720-1.jpeg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/posts\/1243155","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/comments?post=1243155"}],"version-history":[{"count":2,"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/posts\/1243155\/revisions"}],"predecessor-version":[{"id":1243236,"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/posts\/1243155\/revisions\/1243236"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/media\/1243160"}],"wp:attachment":[{"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/media?parent=1243155"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/categories?post=1243155"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/tags?post=1243155"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}