Railyatri.in is in the news because their database of 7 lakh passengers has been left exposed to hackers.
RailYatri.in has just left its user’s data at risk. The server which was being used to store data was unprotected.
What kind of data?
This includes full names, phone numbers, addresses, email IDs, ticket booking details, and partial credit or debit card numbers.
This flaw was exposed by a security firm called Safety Detectives on August 10. The server didn’t have any encryption or password. Anyone with the server’s IP address could break in and take the data he or she wanted.
When asked to RailYatri about this, they haven’t commented on this finding. But they have shut down the server immediately after knowing the issue from Safety Detectives.
Talking about numbers, around 43GB of data was left exposed on the server. It includes 37 million records. Every little information like booking details, payment details, and GPS location was exposed.
A new kind of cyber attack has been trending called Meow bot attack. The purpose of this bot is to wipe out unsecured databases that run the Elasticsearch, Redis, or MongoDB software. The name comes from it overwriting the word “meow” repeatedly in each database index that it finds.
Since RailYatri’s server were unsecured even they were hit by the Meow Bot attack on 12th August.
It almost deleted the entire database according to the reports of Safety Detectives.
Security is turning out to be the major factor of some company’s success or not in the current market. RailYatri has still not given a word. They must come out with a strong statement and look over their backend and stuff. Let’s see what they will have to say in the near future.