Earlier this year, several Indian media outlets reported that the platform suffered a data breach in December 2022. The dark web listing confirms the leak. The database contains data stolen from the same breach. This is the second time RailYatri has suffered a user data leak. In 2020, the platform left an Elasticsearch server exposed without a password or encryption. The researchers who discovered the breach estimated that over 700,000 people were affected.
RailYatri Users’ Database Leak
An unidentified user going by the handle “Unit82” posted the RailYatri database on BreachForums. The 12.33 GB listing contains 31,062,673 records, including victims’ full names, genders, phone numbers, email addresses, and locations. Unit82 is designated as a V.I.P. user with a reputation score of 83, indicating high credibility. According to their BreachForums profile, Unit82 is based in Israel and has been active since August 2022. Unit82 offered to sell a copy of the database to an Indian media outlet for $300, a “discounted price for journalists.”
A RailYatri spokesperson said the platform responded quickly to identify the source of the breach and address it “within a few hours.” The spokesperson confirmed that the hacker may have “viewed” certain information such as users’ age, email, preference city, and phone numbers. However, they downplayed the breach, saying the incident did not compromise sensitive information.
Indian Cyber Police Warn of Potential Scams
Cyber police in India are investigating the leak. Officials told Indian media outlets that a potential spike in cyber crimes could follow this leak. “Especially with data points like phone numbers involved, the scope for misuse goes up by a large degree,” a cyber police official told Hindustan Times. “These numbers can be used to target people for crimes like sextortion, part-time job rackets or financial frauds committed by impersonating police officials. Further, the names, email IDs and phone numbers can be used for preparing forged documents to be used in a wide variety of crimes, like the purchase of SIM cards or setting up bank accounts,” the official added.
If you suspect your data was leaked in the RailYatri breach, look out for phishing emails, WhatsApp messages, or phone calls from scammers impersonating RailYatri. Malicious actors can also use information such as names, phone numbers, and email addresses to carry out identity theft.