Saturday, October 17, 2020

RailYatri’s Server Could Have Exposed Debit/Credit Cards of Over 7 Lakh Users: Report


Popular Indian ticketing platform RailYatri is reported to have exposed the private information of over 7 lakh (700,000) users through an unsecured server. The platform, for those unaware, allows users across India to book railway and bus tickets. It was reported today that RailYatri’s servers suffered a massive data breach due to inadequate safety protocols, with almost 43GB of data sitting on the exposed server.

The exposed Elasticsearch server was first spotted by a team of researchers at the cybersecurity firm Safety Detectives on August 10. While the team was reviewing the data, the server was hit by a Meow bot attack that wiped almost all of it. The 43GB database, which contained more than 37 million records, was reduced to just around 1GB.

The Meow bot attack, for the uninitiated, is a new type of attack that erases the data on unsecured Elasticsearch, MongoDB, or Redis servers. So what data could have been leaked by the unsecured server? It contained more than 37 million records with log files and over 7 lakh unique e-mail addresses.

Beyond e-mail addresses, the security firm says the server also revealed users’ full names, phone numbers, addresses, gender, age, and payment logs. It even included UPI IDs, credit and debit cards (saved payment info), and users’ GPS locations. This means someone could use this information not only to locate you but also to learn about your upcoming travel plans.

The security researchers first contacted the company to get the security issue resolved but received no reply. They then reached out to the Indian National Computer Emergency Response Team (CERT-In), and the server vulnerability was fixed within a day.

If you are a RailYatri user, we suggest you reset your password, delete your saved UPI data or credit/debit cards, and change their PIN codes as well, if possible. The data breach could be consequential for users who fail to understand that all their private information may be in the hands of a third party that can abuse it. The company has been unreachable despite several attempts, as per the report.
