Security glitch in railway booking: UPI and card details of 7 lakh users exposed, Railyatri denies it

Due to inadequate security measures, the Indian ticketing platform, Railyatri has reportedly exposed the UPI, debit and cards details of 7 lakh users accidentally

Security glitch in railway booking: UPI and card details of 7 lakh users exposed, Railyatri denies it

NH Web Desk

A security glitch in the online ticket booking website, Railyatri has lead to a alleged expose of nearly 7 lakh users’ data, a report in India Today said.

Due to inadequate security measures, the Indian ticketing platform has reportedly exposed the UPI, debit cards details of the users accidentally.

Some of the details include name, phone number, email ids, ticket details and credit and debit card numbers of the users.

According to a report by The Next Web, the exposed data was saved on an unsecured server.

A cyber security firm first spotted the exposed data and reported that the server had no encryption or password protection that could save the users’ data.

Anyone with the server’s IP address could access the data on the Elasticsearch server, a group of safety detectives stated in a blog. The report also claimed that the data that was left out mostly belonged to Indian users.

Railyatri team said it is trying to resolve the vulnerability that was spotted.

“At RailYatri, we take the safety and privacy of our user-base seriously, and as soon as the issue was brought to our notice by CERT-In (Indian Computer Emergency Response team) a week back, our team was instantly on its feet in efforts to resolve the issue then and there. Post receiving the information, the testing server port was plugged immediately from the network. The server in question was a test server, and some of our logs were partially replicated on the same. As a general protocol, any and all data older than 24 hours are automatically deleted from the server,” the statement by Railyatri read.

Railyatri further denied the report that claim that the data of 7 lakh users were exposed due to security flaws in the ticket booking website.

“Further, we would like to clarify that report suggesting 7,00,000 email addresses leaked in 3 days is factually incorrect as it would be impossible for that to happen since the server contains at most a days-worth of data,” the team said in a statement.

Railyatri also falsified the claims of saving users’ financial data on its platforms. reprehending the reports the ticket booking website said, “We would like to assure our users that RailYatri does not store financial and other sensitive data with the exception of some partial details. We do not store credit card data on our servers. Data privacy is of utmost importance to us, and we have taken a thorough look at the issue to address it comprehensively. We are committed to the safety of user data.”

Follow us on: Facebook, Twitter, Google News, Instagram 

Join our official telegram channel (@nationalherald) and stay updated with the latest headlines

Published: 26 Aug 2020, 1:25 PM