Startup Tells Rail Ministry Suresh Prabhu Exactly How IRCTC Site Was Hacked

Admin 14-May-2016 16:57:32 Inothernews



India's largest e-commerce website IRCTC may have escaped a hack last week, but the website is a sitting duck for even amateur hackers. So claims Bengaluru-based cybersecurity startup Fallible. The startup provided details on exactly how the data leak can easily happen on the IRCTC website. "Contrary to the claims made in media, there is indeed a data leak happening on the IRCTC website. The data includes phone numbers, email addresses, home addresses, date of birth, Aadhar for those users who gave it on IRCTC, password reset question and the secret answer," Fallible co-founder Abhishek Anand told TOI Tech.



Anand has also sent a mail to railway minister Suresh Prabhu explaining the technical details of the vulnerability (TOI Tech has a copy of that mail).

The mail relates to a vulnerability found on the IRCTC iOS app. "We have confirmed it for iOS app but it does not matter since one can get all IRCTC users' data, including even those who have never used the mobile app."

The details of the vulnerability are yet to be tested and confirmed. However, the so-called hack cited by Anand appears simple enough even for untrained hands.


Last week, there were media reports that personal data of around 1 crore customers is feared to have been stolen from the server of the e-ticketing portal IRCTC.

"We deny all reports claiming that IRCTC website was hacked. No Denial of Service attack (DoS/DDoS) has been successful and the E-ticketing website has been working normally thereby eliminating any chances of unauthorized interference. No leakage of data through any of the service providers of IRCTC has been established," IRCTC PRO Sandip Dutta told TOI Tech.
