
IRCTC Data breach? Hacker claims to sell 3 Crore users’ data


Hello everyone, lucifer here. Today we are going to discuss the Indian Railways (IRCTC) data breach, in which the data of 30 million users was made available on the dark web.

Recently, on Tuesday, 27 December, a data breach affecting approximately 3 crore Indian Railways users came to light, with the data available for sale on the dark web.

This breach was claimed by a hacker named shadow hacker, who was selling the data of 30 million Indian Railways users on a hackers’ forum. This portal is generally used by cyber criminals to sell hacked data on the dark web.

Also, the hacker is not revealing the source of the leaked data.

[Image: Indian railway data breach. Image credit: Techlomedia]

IRCTC is not denying that a breach has come to light, but it is denying that the data was hacked from its official IRCTC servers.

ANI recently said in a tweet that a railway spokesperson stated: “On analysis of sample data, it is found that the sample data key pattern does not match with IRCTC history API. A suspected data breach is not from the IRCTC servers.”

Further investigation is being done by IRCTC regarding the data breach, and all IRCTC business partners have been asked to immediately examine whether there is any data leakage from their end and apprise the results along with corrective measures taken to IRCTC.

The hacker claims to have two sets of data available for sale. The first set contains user data, which includes username, phone number, email, gender, city, state, and language preference.

The second set contains booking data, which includes the traveler’s name, mobile number, travel details, train number, invoice, and other information about ticket booking.

According to a report on Techlomedia, when some sample data provided by the hacker was examined on the IRCTC website, it was found to be legitimate PNR data.

According to reports, the IRCTC website was used for booking approximately 430 million tickets in the 2021-22 financial year, and it has approximately 6.3 million daily logins and more than 80 million users of its online services.

According to the data available on the forum, the hacker is offering five copies of the data, at a cost of around $400 per copy. The hacker also claims to provide the data and vulnerability details for $2,000.

News credit: CNBC TV 18, The Economic Times, Techlomedia.

    Team Ciphers Security
