One of India’s largest privately owned airlines, SpiceJet, has suffered a data breach exposing the personal information of over a million of its passengers.
According to a report by TechCrunch, a security researcher gained access to one of SpiceJet’s unencrypted database using a brute-force attack.
The database contained the private information of over 1.2 million passengers who flew with SpiceJet over the past month, including flight information, passenger names, phone numbers, email addresses, and dates of birth.
Among some of the passengers include state officials.
The researcher explained that the database was open and accessible for anyone who know where to look thus making the data extremely vulnerable to possible attacks by threat actors.
The researcher notified SpiceJet about the breach after accessing the data, to which no “meaningful” response was received.
India’s computer emergency response team CERT-IN was also notified about the breach, to which the government agency confirmed the breach and issued an alert to SpiceJet. SpiceJet has since secured the databa
A spokesperson for the airline said in a statement, “at SpiceJet, safety and security of our fliers’ data is sacrosanct. Our systems are fully capable and always up to date to secure the fliers’ data which is a continuous process. We undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level.”
The post #Privacy: Data breach at Indian airline exposes 1.2 million passengers appeared first on PrivSec Report.