A security flaw exposed the details of more than 1.2 million SpiceJet passengers. The exposed details include passenger names, phone numbers, email addresses and dates of birth.
According to TechCrunch, a security researcher who described their actions as “ethical hacking” gained access to one of SpiceJet’s systems by brute-forcing.
The system had an easily guessable password, which let the researcher gain access to the backup database.
The backup database is unencrypted and holds the private information of more than 1.2 million of the company’s passengers.
The database also contains the rolling month’s flight information, including the details of each commuter, the TechCrunch report says.
The researcher reached out to SpiceJet but received no valid response; he later alerted CERT-In, a government-run agency in India that handles cybersecurity threats.
CERT-In later confirmed the flaw and alerted SpiceJet to take the necessary steps to secure the database.
A SpiceJet spokesperson said that “at SpiceJet, safety and security of our fliers’ data are sacrosanct. Our systems are fully capable and always up to date to secure the fliers’ data which is a continuous process. We undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level.”
SpiceJet is a low-cost carrier and the second largest Indian airline, with a market share of 13.6% as of March 2019. The company operates 630 flights daily.