25 August 2020 16:43 IST

The security research team discovered information, including passenger name, age, email address, partial records of credit and debit card information, and Unified Payment Interface (UPI) ID.

A data breach at online travel marketplace RailYatri has affected about 7 lakh users, according to a security report by the Safety Detectives research lab.

The absence of encryption and a password had exposed the server on August 9. The vulnerability was discovered the next day by a security research team, Safety Detectives said in a post.

Three days later on August 12, our team reviewed the data and found the server to have become the target of a Meow bot attack, which led to the deletion of almost all server data, it added.

Safety Detectives said it reported the breach to RailYatri and the Computer Emergency Response Team (CERT-In).

RailYatri said in an official statement that the server in question was a test server and was immediately unplugged from the network after the security issue was brought to its notice by CERT-In.

“We would like to clarify that the report suggesting 7,00,000 email addresses leaked in three days is factually incorrect as it would be impossible for that to happen since the server contains at most a day's worth of data,” RailYatri said.

“Having said so, we would like to assure our users that RailYatri does not store financial and other sensitive data with the exception of some partial details,” it added.