Over 1.2 Million Passengers Details Exposed in the SpiceJet Data Breach

Security flaw exposed more than 1.2 million Spicejet passengers details, the exposed details include the passenger name, phone number, email address and date of birth.

According to TechCrunch, a security researcher who described their actions as “ethical hacking” gained access to one of the SpiceJet’s systems by using the brute-forcing method.

The system contains an easily guessable password which lets the researcher gained access to the backup database.

The backup database is unencrypted and has the private information of more than 1.2 million passengers of the company.

The database also contains the rolling month’s flight information including the details of each commuter, reads TechCrunch report.

The researcher reached out to SpiceJet, but there is no valid response from them, later he alerted the CERT-In, a government-run agency in India that handles cybersecurity threats.

Later CERT-In, confirms the flaw and alerted SpiceJet to take necessary steps to secure the database.

A SpiceJet spokesperson said that “at SpiceJet, safety and security of our fliers’ data are sacrosanct. Our systems are fully capable and always up to date to secure the fliers’ data which is a continuous process. We undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level.”

SpiceJet is a low-cost and second largest Indian airline, it has a market share of 13.6% as of March 2019. The company operates 630 flights daily.

Also Read

30 Million Credit Data Available for Sale in Dark Web – Wawa Massive Payment Card Breach

Microsoft Data Leak – 250 Million Microsoft Customer Service Support Records Exposed Online

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Palo Alto Networks PAN-OS Zero-day Under Active Attack

In a recent security alert, Palo Alto Networks has disclosed a critical vulnerability within its…

9 hours ago

DuckDuckGo Launches Privacy Pro : 3-In-1 Service With VPN

DuckDuckGo is a search engine that takes users' privacy seriously. It does not track or…

10 hours ago

Wiz to Acquire Gem Security for $350M to Address Cloud Security

Wiz, a leading cloud security company, has announced its acquisition of Gem Security for $350…

14 hours ago

Critical Bitdefender Vulnerabilities Let Attackers Gain Control Over System

Bitdefender GravityZone Update Server (versions 6.36.1, Endpoint Security for Linux, and Endpoint Security for…

15 hours ago

Ukrainian Hackers Hijacked 87,000 Sensors to Shut down Sewage System

Ukrainian hackers have successfully infiltrated and disabled a vast network of industrial sensors and monitoring…

16 hours ago

Zscaler Acquires Airgap Networks to Enhance Zero Trust SASE

Zscaler has announced the acquisition of Airgap Networks, a company renowned for its agentless segmentation…

18 hours ago