RailYatri is an Indian government-sanctioned travel service provider that sells bus and train tickets to domestic Indian travellers. RailYatri offers its services to customers through a web portal and Android/iOS apps.
The security research team at Safety Detectives, led by Anuran Sen, found that an unsecured RailYatri server was left exposed without password protection or encryption for several days. Sen and his team found the exposed data, approximately 43GB in size, on August 10. On 12th August, the server became the target of a Meow bot attack, which deleted almost all of the server's data. The Meow bot attack is a new type of cyber attack that seeks out and destroys unsecured databases running Elasticsearch, Redis or MongoDB. The name comes from the bot writing the word “meow” repeatedly into each database index it finds. The bot overwrites all of the data, effectively destroying the contents of the database.
The exposed data is said to contain more than 37 million records, including log files.
“Most of the affected users were based in India with our team estimating that around 700,000 individuals were likely to be directly affected by the breach.” – team at Safety Detectives
The team also reported its findings to the Indian National Computer Emergency Response Team (CERT-In). The server was secured the following day.
The leaked database contains almost all records of passengers' personal information, such as full names, age, gender, physical addresses, email addresses and phone numbers, along with banking and payment details such as partial credit/debit card information, payment logs and UPI IDs. It also contains logs of critical information such as users' GPS locations and travel itineraries.
Scammers can use all of this information to launch phishing attacks. Malicious actors can use the leaked personal information to commit identity fraud, offline or online, and to build fake online profiles.