Over 1.2 Million Passengers' Details Exposed in the SpiceJet Data Breach

A security flaw exposed the details of more than 1.2 million SpiceJet passengers. The exposed details include passenger names, phone numbers, email addresses and dates of birth.

According to TechCrunch, a security researcher who described their actions as “ethical hacking” gained access to one of SpiceJet’s systems by brute-forcing.

The system had an easily guessable password, which let the researcher gain access to the backup database.

The backup database was unencrypted and held the private information of more than 1.2 million of the company's passengers.

The database also contained a rolling month’s flight information, including the details of each commuter, according to the TechCrunch report.

The researcher reached out to SpiceJet but received no valid response; he later alerted CERT-In, a government-run agency in India that handles cybersecurity threats.

CERT-In later confirmed the flaw and alerted SpiceJet to take the necessary steps to secure the database.

A SpiceJet spokesperson said that “at SpiceJet, safety and security of our fliers’ data are sacrosanct. Our systems are fully capable and always up to date to secure the fliers’ data which is a continuous process. We undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level.”

SpiceJet is a low-cost carrier and the second-largest Indian airline, with a market share of 13.6% as of March 2019. The company operates 630 flights daily.

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
