Over 7 lakh users of Railyatri claim to have data in danger

Railyatri Indian ticketing platform has put the payment information and personal data of millions of users at risk due to inadequate security. According to the report, RailYatri had saved the users’ data on an unsecured server, from where one could easily access personal data of 7 lakh users. Public data included users’ full names, phone numbers, home addresses, email addresses, ticket booking details, and even credit and debit card numbers. This flaw was first revealed by the cyber-security researcher’s team on 10 August.

The Next Web Reportedly, cyber-security firm Safety Detectives The team of ReSurers first spotted the Elasticsearch server on 10 August. The team found that the affected server was accessible for several days without any encryption and password protection. Safety Detective stated in its blog that anyone can access this entire database with the server’s IP address.

The blog also informed that 43 GB of data is available on the server, in which most users are Indians. The firm estimated that more than 7 million people may be affected by the platform’s drawback.

A company spokesperson in this regard claimed that he does not store “financial and other sensitive data”. He said that he does not store credit card details on the server. Apart from this, the spokesperson also informed that only one day’s data is stored on the Rail Yatri server, data older than 24 hours is automatically deleted. In such a situation, they have denied the data leaked information of more than 7 lakh people.

In a blog post, Safety Detective informed that on August 12, the Meow bot has deleted almost the entire server’s data. Meow bot is a new type of cyber-attack, which deletes insecure databases running on Elasticsearch, Redis or MongoDB servers servers.