Online ticketing platform RailYatri has leaked lakhs of users of personal data. The data was stored on an unsecured server. As per a report from The Next Web, leaked data includes information such as names, phone numbers, addresses, email IDs, ticket booking details. In addition, Railyatri confirmed that people’s credit or debit card details also get leaked.
The exposed server was discovered by a team of researchers at cyber-security firm Safety Detectives on August 10. The server was left without any security encryption and password. Anybody with a server’s IP can access the users’ data and information.
Safety Detectives team reached out Computer emergency response team (CERT-In) to highlight the issue so that they can be fixed it. The team even contacted RailYatri but neither RaiYatri nor CERT-In reverted them back.