This can be the mother of all hacks India has ever encountered. Website of Indian Railway Catering and Tourism Corporation or IRCTC which handles online ticketing platform of Indian Railways has been hacked; and vital details of over 1 crore users are compromised, stolen and most probably available in underground market for sale.
As per reports coming in, details such as email id, PAN card, phone number etc of these 1 crore users of IRCTC website are at extreme risk of being stolen and sold for profit.
This is a scary situation, and we will recommend to immediately change passwords of your IRCTC account and in case your email and IRCTC has the same password, then immediately change your email password as well.
Update: IRCTC has confirmed with trak.in that IRCTC was not hacked and they are looking into database sale. Here is the tweet.
@vipultalwar @trakin IRCTC website has not been hacked. Enquiry is being conducted regarding alleged data sale.
— IRCTC Ltd. (@IRCTC_Ltd) May 5, 2016
IRCTC Hack Was ‘Discovered’ Incidentally
In a strange turn of events, the hack was discovered incidentally, during a security check. As per AK Manocha, Managing Director of IRCTC, there has been no official complaint on this matter; and they have informed Mumbai Police regarding this sabotage.
It seems that IRCTC ‘discovered’ this sabotage incidentally, while they were conducting a routine security check. Manocha said, “We got some information from our internal sources. So we decided to crosscheck.”
Public Relations Office of IRCTC has issued an official statement: “IG Maharashtra police cyber cell has informed IRCTC about Data theft from its website but the details of the said data are still to be shared with IRCTC. IRCTC will be issuing a detailed press note later today,”
Mumbai Police has informed the Cyber Cell Division of Delhi Police, and they are now conducting a detailed inquiry and investigation in this case.
What Can Be The Damage?
Last year, IRCTC upgraded their system, and enabled booking of 7,200 tickets per minute. On an average, around 5-7 lakh tickets are booked per day on IRCTC website, and 1 crore+ users have registered their accounts with them.
The details of users such as email id, phone number, PAN Card, address etc are available in the IRCTC database, and hackers could have stolen all or some of these information. It is not yet clear that upto which extent the database was compromised, and which details were stolen.
Just to give an overview, IRCTC churned out revenues of Rs 20,620 crore last year, only through online bookings and they posted profits of Rs 130 crore, which was 90% more compared to 2014.
Last year, in April, IRCTC accomplished 13 lakh ticket bookings in one single day.
As per experts, there is no danger of leaking credit card/debit card details, as the user needs to get out of the IRCTC website, and use a payment gateway to make the payment.
We will keep you updated as more details come in..
