User data of more than 900,000 leaked from IRCTC last year, resurfaces on dark web
A set of user data belonging to more than 900,000 users has been spotted on the dark web by a dark web risk monitoring firm called Cyble. Cyble noted that it came across a post in which a user allegedly claimed that user data of close to one million people had been leaked sometime in 2019, and shared that data on the DarkWeb community on October 13.
Cyble found out that the 900,000 plus user records belonged to the Indian Railway Catering and Tourism Corporation (IRCTC). IRCTC is a subsidiary of the Indian Railways that handles online ticketing, catering and tourism operations.
Details suggest that the data was exfiltrated by hackers sometime last year and was just being shared again.
The user sharing the data did so without asking for a fee and it appears that he isn't the one who exfiltrated the data in the first place. Also, there is no mention of whether IRCTC was ever sent a ransom note or was extorted.
The information in the leak includes users' full names, mobile numbers, date of birth, gender, marital status, city of origin and state of residence.
Data of this kind and quantity can easily be used for phishing attacks, scams, and spam emails, texts and calls. Thankfully, sensitive data such as payment details, home addresses and travel dates are not part of the leak, and neither are email IDs.
The data dump is easily downloadable and after removing duplicates, Cyble found at least nine lakh unique rows of user information.
In case you have ever used IRCTC to book tickets and want to check if your data is a part of the leak or not, Cyble has acquired and indexed the data on their data breach monitoring and notification platform, AmiBreached.com. You can register on the platform to check if your information is in that lot or you can also check it by downloading the mobile application (available on iOS and Android).
IRCTC has denied that any such leak has happened, so it seems like it must have happened a year ago, as Cyble states, or even earlier.
As per NDTV reports, IRCTC spokesperson and PRO Siddharth Singh said that no user data has been leaked and all the data in the leak seems to be of very general nature and something that's available even on e-commerce portals. IRCTC has also said that this data is a part of a breach that happened five years ago.
#FYI | "IRCTC is partially right. The data that is available on the dark web now is not a new breach. It happened almost 5 years ago. Somebody is reselling that data now": Jiten Jain, cybersecurity expert. NDTV (@ndtv), October 16, 2020
Cybersecurity expert Jiten Jain told NDTV that IRCTC could be “partially right” that the data was leaked earlier and that this is not a recent incident, and that it is normal for data to resurface and be resold on the dark web. He also added that IRCTC is currently in denial mode.
However, this means that irrespective of whether the data was leaked five years ago or a year ago, IRCTC has not looked into it and the user data is out and available on the dark web.