SpiceJet, one of the leading airline companies in India has been affected by a security breach due to which details of around 1.2 million passengers, including the flight information, have been leaked. As reported by TechCrunch, a security researcher gained access to the SpiceJet’s systems by brute-forcing. He also mentioned that guessing the right passwords was not a difficult task.
The information regarding the passenger details was found in an unencrypted database file in one of SpiceJet’s systems. The database consisted of information like the passenger’s name, phone number, date of birth, and e-mail addresses, as told by the researcher.
The database also contained all the information related to the cost of tickets and the flight number of all the commuters. The leaked database was highly confidential as few of the commuters were state officials as well.
Researcher Informed SpiceJet
The researcher tried to alert SpiceJet about the database but was unable to get an appropriate response. Later, the researcher notified CERT-In, which is a government agency that handles the cybersecurity of India. The agency identified the security issue and informed SpiceJet about it. As of now, necessary measures have been taken by the airlines to avoid any chaotic situation related to data leak.
An official from SpiceJet has said that the airline ensures that the safety and security of any data related to their passengers, and the systems of the company are up to date and are strongly protected now.
SpiceJet holds approximately 13% market shares in India. India is the fastest-growing aviation market in the world as about 12 million people in India travel via an airplane each month, and the number is increasing rapidly. SpiceJet has around 600 active planes, including planes for international travel to Dubai and Hong Kong.