Indian travel marketplace RailYatri has experienced a data breach exposing the data of 7 lakh users on the platform. This breach was reported by antivirus review website Safety Detectives.
The data breach could happen because the company left data on the production server without password protection. Anyone with the knowledge of the IP address could access the data. The report also claims that 43GB if data was accessed.
The leaked user data includes name, age, gender, physical address, phone number, email address, payment loss, UPI ID, booking details, Authentication token, session logs, and booking details.
The data also include partial credit and debit card payment logs including the name on the card, the first and last 4 digits of the card number. The only good thing is that the data reveals partial copies of card numbers. But hackers can still use this data to launch phishing scams.
Most affected users were based in India. As per an estimate, there were around 700,000 records affected by the breach.
Safety Detectives has tried to report RailYatri but they didn’t receive any response. So, they contacted the Indian national Computer Emergency Response Team (CERT-In), a government agency responsible for national cybersecurity. After that, the server was secured.
RailYatri is a government-sanctioned Indian travel marketplace founded back in 2011.