Primary Indian ticket vendor suffers crippling data breach

Jim Wilson writes:

One of India’s most popular travel booking hubs was left exposed without adequate security measures, and subsequently, suffered a significant data breach that exposed all production server information and led to the loss of over 43GB of data.

The affected Elastic search server was left publicly exposed without password protection or encryption for several days which meant anyone with the server’s IP address, could have gained access to the entire database.

Our security team, led by Anurag Sen, discovered the server vulnerability on 10 August 2020 after it became exposed on the Internet on 9 August 2020. Three days later on 12 August 2020, our team reviewed the data, the server became the target of a Meow bot attack, leading to the deletion of almost all server data.


About the author: Dissent

Comments are closed.