SpiceJet, one of the leading airlines in India and ranking second after IndiGo in low-cost carriers, has suffered a data breach from the “ethical hackers”. It is important to note that the hackers who have gained access to the information have informed the authorities about the loophole in SpiceJet’s security systems but have not come out in the open because they likely broke the law in the process. The “ethical hackers” discovered that the password of the SpiceJet system by brute-forcing their way into the systems. After gaining access of the systems, the hackers discovered an unencrypted database backup file that contained information of more than a million SpiceJet flyers.
Data of More than a Million Passengers
The report comes from TechCrunch. The data which found its way into the hands of the ethical hackers contained information of the fliers such as their names, email addresses, date of birth, phone numbers and more. Some of the information was of the state officials. The hackers also remarked that the information was easily accessible by someone who knew where to look. The hackers then reached out to the airline itself to inform it of the security loophole, only to get no response from SpiceJet.
Indian Agency Informs SpiceJet
The security experts than reached out to CERT-In, a government-run agency in India that handles cybersecurity threats in the nation. The Indian agency then confirmed the security loophole in SpiceJet’s systems. When CERT-In reached out to SpiceJet, the airline issued a statement.
SpiceJet’s statement said “at SpiceJet, safety and security of our fliers’ data is sacrosanct. Our systems are fully capable and always up to date to secure the fliers’ data which is a continuous process. We undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level.”