RailYatri user data up for sale on dark web
RailYatri is an app authorised by the Indian Railway Catering and Tourism Corporation (IRCTC). It lets users book tickets, check their PNR status and view other information related to train travel in India.
Mumbai: A significant set of data allegedly hacked from RailYatri, which includes names, email IDs, mobile phone numbers and locations of its users, was put up for sale on a dark web forum.
RailYatri is an app authorised by the Indian Railway Catering and Tourism Corporation (IRCTC). It lets users book tickets, check their PNR status and view other information related to train travel in India.
The cyber police officers are tracking the leak and will be alerting the relevant authorities after completing their preliminary investigations.
“Especially with data points like phone numbers involved, the scope for misuse goes up by a large degree. These numbers can be used to target people for crimes like sextortion, part-time job rackets or financial frauds committed by impersonating police officials. Further, the names, email IDs and phone numbers can be used for preparing forged documents to be used in a wide variety of crimes, like the purchase of SIM cards or setting up bank accounts,” said a cyber police official.
On Sunday, HT unearthed that a set of 3.1 crore supposed data points from RailYatri was put up for sale on Breached Forums – a known illicit hackers’ den. A hacker identified as Unit82 shared the post and claimed that it had been hacked in December 2022. Unit82 also shared a link where they can be contacted to discuss the purchase of the data.
A data point is any bit of data, including names, email IDs, addresses and phone numbers of affected users.
A Railways official, on condition of anonymity, said that there had been no official report about the data leak. “The app has around 1.5 to two lakh downloads so far. We are looking into reports of the data leak,” the official added.
Breached Forums follows a practice of independently verifying the authenticity of data offered for sale before endorsing it on its forum. While Unit82 had posted its offer on February 16, the administrator of Breached Forums only confirmed it as genuine on Sunday morning.
A description of the hacked data posted on the forum states that it contains a total of 3,10,62,673 data points, around 12.33 gigabytes in size. Several other hackers responded to Unit82, asking for a small sample to further prove the claim.
Unit82’s bio on Breached Forums identifies them as a ‘VIP user’, which is an indicator of high credibility. The bio also states that Unit82 is based in Israel and has been a member of Breached Forums since August 6, 2022.
HT established contact with Unit82 on Sunday night, who offered to sell the data for $300, saying it was a “discounted price for journalists.”
Stay updated with all the Breaking News and Latest News from Mumbai. Click here for comprehensive coverage of top Cities including Bengaluru, Delhi, Hyderabad, and more across India along with Stay informed on the latest happenings in World News.