Indian Railways data breach: Over 30 million passenger info up for sale on Dark Web; check details
The hacker, without disclosing the source of the data, claims that "its one of the biggest railways database in India." The leaked data set contains user data and invoices, with some of the invoices dated for December 31, 2022.
FollowThe Indian Railways on Tuesday (December 27) suffered a data breach in which the data of over 30 million users was compromised. It is reportedly said that a hacker has put the user data for sale on the Dark Web.
The hacker, without disclosing the source of the data, claims that "its one of the biggest railways database in India." The leaked data set contains user data and invoices, with some of the invoices dated for December 31, 2022.
Also read:Â Congress' fight against RSS, BJP will continue: CM Gehlot on party's 138th foundation day
It can be seen that the Indian Railway Catering and Tourism Corporation (IRCTC) operates successful online ticket booking platform, recording 41.74 million electronic ticket reservations and generating a revenue of 38.18 billion Indian rupees in the 2021-2022 fiscal year.
The data contains "userName, email, verifiedMobileNumber, unverifiedMobileMumber, gender, mobileNumberVerified, cityId, cityName, stateId, languagePreferences." The sample data shared by the hacker shows several data with emails and phone numbers of users who have booked tickets on Indian Railways.
"In the 30M data, there is a lot of government emails, and important people," claims the hacker before providing two 'examples' of user data from a user with an email address ending with "@elibom.digitallock.gov.in", and another ending in "@konkanrailway.gov.in" Both data samples had mobile phone numbers and city locations along with them.
Also read:Â 'T-shirt hi chal rahi hai...' Rahul Gandhi leaves media in splits on winter morning at Congress HQ
"Also there is another endpoint disclosing all user history of travel information, include a lot of data like PNR Number, invoice pdf ( include all his info like passenger name, mobile, location, etc ), train number, arrival time, email, phone, passengerGender, nationality, and all information of passenger!," the hacker further claimed.
The second data sets contain full travel information such as Train No, Journey details, date of journey, user id, email, phone, booking status, boarding station, money paid, GST details, berth number, berth codes, meal booking, and more. The data set seems to be fresh as some records from the data sample are from the month of December 2022.
Also read:Â Congress Foundation Day: Mallikarjun Kharge slams Centre, says society being divided by hate
The IRCTC is a wholly owned subsidiary of the Indian Railways, Ministry of Railways, Government of India.
Earlier, the IRCTC had planned to monetise user data in August, the plan was aborted later amid widespread concerns over privacy.
