SpiceJet Database Breach Exposed Details of Over 1.2 Million Passengers: Report

by admin 0 Comments

Europe
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

SpiceJet has reportedly confirmed a security flaw that exposed private details of 1.2 million passengers, including flight information. The information is said to have been found in an unencrypted database file after a security researcher gained access to a SpiceJet system by brute forcing the password. For now, confirmed details about the hack remain scarce, and the low-cost Indian airline has not revealed much in its acknowledgement that was essentially a boilerplate statement.

As reported by TechCrunch, the breach was by a security researcher who the publication is not naming, as they likely violated US computer hacking laws. The report elaborates to claim the researcher gained access to one of SpiceJet’s systems by brute-forcing what’s being termed as an “easily-guessable password.” The system contained an unencrypted backup file with private details of 1.2 million passengers.

The report adds the researcher had described their breach as “ethical hacking”, and had contacted SpiceJet, but never received a “meaningful response” from the airline. It was only after the Ministry of Electronics and Information Technology’s (MeitY) Indian Computer Emergency Response Team (CERT-In) was notified, independently confirmed the researcher’s findings, and then alerted SpiceJet, that the breach was fixed.

Gadgets 360 has reached out to SpiceJet to comment on the security flaw. With the researcher themselves breaching the system and gaining access to the database, the security lapse could perhaps be better termed as a vulnerability than a breach itself. It remains uncertain whether the data was leaked, or the ‘ethical hackers’ ensured that database didn’t get into the wrong hands, and responsibly saw that the issue was fixed.

Besides reporting that the airline confirmed the breach, TechCrunch quotes a SpiceJet statement in response, that says “at SpiceJet, safety and security of our fliers’ data is sacrosanct. Our systems are fully capable and always up to date to secure the fliers’ data which is a continuous process. We undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level.”

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Abhinav Lal
You’ll most likely find Abhinav editing news stories, humouring his possibly unhealthy interest in playing Dota 2, and defending where his beliefs lie in the meritocracy vs. democracy debate. A science fiction and fantasy reader, he is sufficiently starry-eyed to look forward to a utopian future.
More

Jamia Shooter’s Facebook Account Taken Down After Shooting and Live Stream, Company Responds

Related Stories

This article was originally published by Ndtv.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Leave a Reply

Your email address will not be published. Required fields are marked *