The Indian Railways recently suffered from a data breach, in which the data of over 30 million users was compromised. It was discovered that a hacker forum user was selling 30 million Indian Railway user records.
The data reportedly includes name, email, phone number, gender, and other personal information. Along with the data, the hacker offers details of the vulnerabilities they used on the website, without mentioning whether it is the IRCTC booking portal or the Indian Railways website.
The hacker also asserts that “important persons” and “government personnel” have had their data taken. It is apparent from the snapshot of the hacker site where the data was listed for sale that customers’ travel and billing histories were also compromised.
Neither the authenticity of the data nor how it was accessed has been verified by security researchers. The Indian Railways is yet to comment on this breach. Earlier in 2020, the personal information of over nine million Indian railway ticket buyers, including their IDs, was found online. This company discovered a dark web post stating that a million users’ data was stolen sometime in 2019.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
