New Delhi: The personal details of millions of Indian Railways users appear to have been exposed online. Rumor has it that hackers are selling that data on the dark web. It has been only days since the All India Institute of Medical Sciences (AIIMS), a major healthcare institution in India, was allegedly hit by a data breach. Here’s what we know so far about the latest data breach:
Neither the government nor the Indian Railways have verified anything about the data breach so far, so we do not know if the data provided by the hackers is accurate. It allegedly obtained a large amount of user data, including address, age, and gender. (Also Read: Twitter Data Breach: Hacker Posts List of Hacked Data of 400 Million Users — Check if Your Data Has Been Leaked)
The hackers said the group also compromised the billing information and ride records of Indian Railways customers. The stolen data includes both user information and information about people’s reservations. According to the forums, the buyer can only get 5 copies of the data for $400 per copy. According to an IndiaTimes report, anyone who wants exclusive access to the data will have to pay him $1,500 to $2,000 for the data and vulnerability details. (Also read: Miraculous Resurrection! Saving 150 rupees every day, let him get 200,000 rupees in 15 years with this post office scheme. Check calculator, policy terms.)
The data breach reportedly occurred on December 27th. Information about the data breach was provided by an as-yet-unidentified person on a hacker forum. It was published by a user who goes by the fictitious name of “Shadow Hacker”.
The same hacker group also claims to have succeeded in obtaining the official email addresses of many individuals from government agencies. There is currently no information available on how the hackers got access to his IRCTC data. Security firms have yet to verify the effectiveness of the latest data breach.