Jump to content
  • India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information

    aum

    • 301 views
    • 2 minutes
     Share


    • 301 views
    • 2 minutes

    Akasa Air, India's newest commercial airline, exposed the personal data belonging to its customers that the company blamed on a technical configuration error.


    According to security researcher Ashutosh Barot, the issue is rooted in the account registration process, leading to the exposure of details such as names, gender, email addresses, and phone numbers.


    The bug was identified on August 7, 2022, the same day the low-cost airline commenced its operations in the country.


    "I found an HTTP request which gave my name, email, phone number, gender, etc. in JSON format," Borot said in a write-up. "I immediately changed some parameters in [the] request and I was able to see other user's PII. It took around ~30 minutes to find this issue."

     

    signup.jpg

     

    Upon receiving the report, the company said it temporarily shut down parts of its system to incorporate additional security guardrails. It has also reported the incident to the Indian Computer Emergency Response Team (CERT-In).


    Akasa Air emphasized that no travel-related information or payment details were left accessible and that there is no evidence the glitch was exploited in the wild.


    The airline further said it has directly notified affected users of the incident, although the scale of the leak remains unclear, adding it "advised users to be conscious of possible phishing attempts."

     

    Source

    • Like 2

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...