RailYatri, a popular Indian train ticket booking platform, experienced a massive data breach, exposing the personal details of over 31 million (31,062,673) users/travelers. The breach is thought to have happened in late December 2022, and the database of sensitive information has now been leaked online.
The leaked data contains email addresses, full names, genders, phone numbers, locations, and 37,000 invoices, putting millions of users at risk of identity theft, phishing attacks, and other cyber crimes.
Hackread.com confirmed that the database was leaked on Breachforums, a hacker and cybercrime forum that arose as a replacement for the popular and now-seized Raidforums.
The RailYatri data breach is not your typical case of hackers exploiting flaws, stealing, and spilling data. In fact, it all started in February 2020, when cybersecurity researcher Anurag Sen discovered a misconfigured Elasticsearch server that was open to the public with no password or security authentication.
Sen discovered that the server belonged to RailYatri and notified the company, which initially denied ownership. The company later claimed that it was just test data. The server had over 700,000 logs at the time, with over 37 million entries in total, including internal production logs.
“Back in 2020, when I reached out to Railyatri, they never replied or reached out to me, but after I contacted Cert-In, the server got closed,” Anurag told Hackread.com. “I have reported various data leaks in India; the most common issue I saw is that these companies are not getting fined due to India not having any GDPR-like law,” added Anurag.
As per Anurag, the latest data breach could have been prevented "if the company had implemented proper cybersecurity measures from the start."
As a security precaution, it's recommended that all users change their passwords and enable two-factor authentication on their accounts. They also advised users to keep an eye on their bank accounts and credit card statements for any unusual activity.
This breach is a strong reminder of the rising frequency and severity of cyber attacks, especially in the aftermath of the COVID-19 pandemic, which has forced millions of people to rely on online platforms for their daily needs. It emphasizes the importance of companies prioritizing cybersecurity measures and taking all necessary steps to safeguard their customers' personal information.
