Monday, August 29, 2022

Akasa Air exposed personal data of its passengers

India’s newest airline, Akasa Air, exposed personal identity data including names, email IDs and phone numbers of its customers.

A technical error in our login and sign-up service reported on Thursday exposed personal data like names, gender, email addresses and phone numbers of some passengers which may have been viewed by unauthorized individuals, the airline acknowledged in a statement.

The company apologised for this incident and assured that no travel-related or payment information of the customers was compromised.

It has reported the incident to CERT-In, the Government authorised nodal agency tasked to deal with such incidents.

It has also stopped this unauthorised access by completely shutting down the associated functional elements of their system, added additional controls to address this and resumed their login and sign-up services.

This issue was first discovered by cybersecurity researcher Ashutosh Barot on August 7, the day when the airline started its flight operations.

He warned about this in a blog and explained how he could access user’s personal information like contacts, while he explored the airline’s security system for bugs.

29/08/22 Abhishek Chatterjee/The Hindu

To Read the News in full at Source, Click the Headline


Post a Comment