IRCTC App Hacked! Data Of 900,000 IRCTC Users Being Sold Online; Is Your Data Safe?
Last year, user data leaked from the Indian Railway Catering and Tourism Corporation (IRCTC) website of more than 9 lakh users has resurfaced on the dark web now!
Read on to know more…
Can the Leaked Data Pose a Threat In Any Way?
Cyble, a dark web risk monitoring firm, noticed the leaked records on the dark web. After removing duplicates, the firm found over 9 lakh rows of user information.
The leaked records are easily downloadable and include users’ full names, mobile numbers, date of birth, gender, marital status, city of origin, and state of residence. The good news is that sensitive information like payment details, home addresses, travel dates, or even email addresses are not part of the leaked data.
The data posted on the DarkWeb community was leaked in 2019 but was shared again on October 13.
The firm said that they came across a post wherein the user had allegedly claimed that the leaked data from IRCTC website of over 1 lakh users in 2019 had shared the data on the dark web again.
Moreover, the user who has shared the data hasn’t demanded any fee for the leaked data nor has IRCTC received any ransom note or extorted. Therefore, it seems the user that shared the data didn’t exfiltrate it.
However, even if the data is old and doesn’t contain any sensitive information, it can be easily used for fraudulent activities and spam texts/calls.
If you want to check whether your data has been leaked or not, Cyble has acquired and indexed the data on their data breach monitoring and notification platform, AmiBreached.com.
You can register on the platform to check or download the mobile application (available on iOS and Android).
What Does IRCTC Have To Say?
As per NDTV reports, IRCTC spokesperson and PRO Siddharth Singh said that no user data has been leaked and all the data in the leak seems to be of a very general nature and something that’s available even on e-commerce portals.
IRCTC clarified that this data seems to be old and a part of a breach that happened 5 years ago.
IRCTC In Denial?
Cybersecurity expert Jiten Jain told NDTV “IRCTC is partially right. The data that is available on the dark web now is not a new breach. It happened almost 5 years ago. Somebody is reselling that data now.”
IRCTC is currently in denial mode, added the expert.
Whether the leaked data is old or new, it is still out there and it can pose a threat to people’s privacy!