Popular Indian ticketing platform, RailYatri, is reported to have exposed the private information of over 7 lakh (700,000) users due to an unsecure server. The platform, for those unaware, allows users across India to easily book railway and bus tickets. It has today been reported that RailYatri’s servers suffered a massive data breach (due to inadequate safety protocols) with almost 43GB of data on the exposed server.
The exposed Elasticsearch server was first spotted by a team of researchers at the cybersecurity firm, Safety Detectives, on August 10. While the team was reviewing the server data, it was hit by a Meow bot attack that wiped almost all of the server data. A massive 43GB database, which contained more than 37 million records, was reduced down to just around 1GB.
The Meow bot attack, for the uninitiated, is a new type of attack that erases unsecured Elasticsearch, MongoDB, or Redis servers. So, what all data could have been leaked by the unsecured server? It contained more than 37 million records with log files and over 7 lakh unique e-mail addresses.
Not just e-mail addresses, the security firm says that the server also revealed a user’s full name, phone number, address, gender, age, and payment logs. It even included UPI IDs, credit and debit cards (saved payment info), and the user’s GPS location as well. This means one could use all of this information to not only locate you but learn about any of your upcoming travel plans.
The security researchers first contacted the company to resolve the security issue but received no reply. It then reached out to the Indian National Computer Emergency Response Team (CERT-In) and the server vulnerability was fixed within a day.
If you are a RailYatri user though, we suggest you to reset your password, delete your saved UPI data or credit/ debit cards, and change their PIN codes as well – if possible. The data breach could be consequential for users, who fail to understand that all their private information may be in the hands of a third-party, and they can abuse it to no avail. The company has been unreachable despite several attempts, as per the report.
