Travel Site Exposed 37 Million Records Before Attack
The company behind one of India’s most popular travel booking sites exposed 43GB of the customer and corporate data before it was deleted by the infamous “Meow” attacker, according to researchers.
A team at SafetyDetectives led by Anurag Sen discovered an Elasticsearch server without password protection or encryption on August 10.
It failed to get a response from the company in question, government-backed travel marketplace RailYatri, but the database was eventually secured after contact was made with India’s national CERT (CERT-In).
However, that was too late to save most of the information stored there: the Meow bot struck on August 12 and apparently deleted all but 1GB of the data.
The trove itself contained an estimated 37 million records linked to around 700,000 unique users of the popular site, a mobile app version of which has been downloaded over 10 million times on Google Play.
Exposed in the misconfiguration were users’ full names, age, gender, physical and email addresses, mobile phone numbers, booking details, GPS location and names/first and last four digits of payment cards.
“Exposed user information could potentially be used to conduct identity fraud across different platforms and other sites,” argued SafetyDetectives.
“Users’ contact details could be harnessed to conduct a wide variety of scams while personal information from the breach could be used to encourage click-throughs and malware downloads. Personal information is also used by hackers to build up rapport and trust, with a view of carrying out a larger magnitude intrusion in the future.”
The firm also warned that exposed data could have put customers in physical danger.
“RailYatri’s server recorded and stored users’ location information when booking their tickets, and also allowed users to track their journey progress with integrated GPS functionality. This information could be used by hackers to locate the nearest cell tower to the user, and potentially, the user’s actual location including current address,” it explained.
“Regular train users generate clear and distinguishable travel patterns which malicious actors could use to commit violent crime directly upon the individual.”
The bot-driven Meow attack campaign has so far destroyed data from thousands of victims, providing an even greater urgency for IT managers to ensure any cloud databases are properly configured.
Want to get the best solution for your business?
At Tristar Tech Solutions, we take a realistic approach to technology – ensuring our client’s systems are best protected.
If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might be and identify actions to take.
To book a consultation or to arrange a further discussion, please get in touch.
If you’re looking for IT support in Hertfordshire or IT support in North London, contact us today, and a member of our team would be more than happy to advise you.
News Source: https://www.infosecurity-magazine.com/