Hackers Infiltrate Indian RailYatri Exposing 31 Million Users’ data

RailYatri, a well-known Indian train ticket booking platform, has suffered a major data breach that has resulted in the personal information of over 31 million users and travelers (31,062,673) being exposed.

This breach is believed to have occurred in late December of 2022, and the database containing sensitive information has since been leaked online.

The compromised records include users’ email addresses, full names, genders, phone numbers, and locations. As a result, millions of users are now at risk of identity theft, phishing attacks, and other cybercrimes.

RailYatri Data leak

Our team can confirm that this database has been leaked on Breachforums, which is a notorious hacking and cybercrime forum that emerged as an alternative to the now-seized Raidforums.

What is unique with RailYatri data breach?

RailYatri, which means “train passenger” in Hindi experienced a data breach that is quite different from typical cyber attacks where hackers exploit vulnerabilities to steal and leak data.

The RailYatri breach actually began in February of 2020 when cybersecurity researcher Anurag Sen discovered a misconfigured Elasticsearch server that was exposed to the public without any password or security authentication.

Despite Sen’s efforts to inform RailYatri about the issue, the company initially denied the server’s connection to them, claiming it was merely test data. However, the server contained over 700,000 logs with more than 37 million entries, including internal production logs.

“Back in 2020, when I reached out to Railyatri, they never replied or reached out to me, but after I contacted Cert-In, the server got closed,” Anurag told Hackread.com. “I have reported various data leaks in India; the most common issue I saw is that these companies are not getting fined due to India not having any GDPR-like law,” added Anurag.

With the assistance of the Indian Computer Emergency Response Team (CERT-In), RailYatri managed to secure its data in 2020. However, two years later, on February 16th, 2023, the company was hit by yet another security breach, as hackers took advantage of a new leak.

Also read: Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed

The incident underscores the importance of proper data security protocols and highlights the potential risks associated with misconfigurations. Companies need to be more vigilant when it comes to data security to prevent unauthorized access to sensitive data. RailYatri’s breach serves as a reminder for all organizations to review their data security practices and ensure that they are up to date with the latest cybersecurity measures.

96 thoughts on “Hackers Infiltrate Indian RailYatri Exposing 31 Million Users’ data”

  1. I’m not that much of a internet reader to be honest but your blogs really nice, keep it up! I’ll go ahead and bookmark your website to come back in the future. Many thanks

  2. I do trust all the ideas you have introduced on your post. They are very convincing and can definitely work. Still, the posts are too short for novices. Could you please prolong them a bit from next time? Thanks for the post.

  3. It?¦s actually a great and helpful piece of information. I am glad that you shared this useful info with us. Please keep us up to date like this. Thanks for sharing.

  4. Howdy! Do you know if they make any plugins to help with Search Engine Optimization? I’m trying to get my blog to rank for some targeted keywords but I’m not seeing very good results. If you know of any please share. Appreciate it!

  5. Fantastic web site. Lots of helpful info here. I am sending it to some friends ans additionally sharing in delicious. And of course, thanks on your effort!

  6. Just wish to say your article is as astounding. The clearness in your post is simply spectacular and i could assume you’re an expert on this subject. Fine with your permission allow me to grab your RSS feed to keep updated with forthcoming post. Thanks a million and please continue the rewarding work.

  7. Good post. I be taught one thing more difficult on different blogs everyday. It’s going to at all times be stimulating to read content from other writers and observe somewhat one thing from their store. I’d desire to use some with the content on my weblog whether you don’t mind. Natually I’ll offer you a link in your internet blog. Thanks for sharing.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top