india's-newest-airline-akasa-air-found-leaking-passengers'-personal-information

Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information

Akasa Air, India’s newest commercial airline, exposed the personal data belonging to its customers that the company blamed on a technical configuration error.

According to security researcher Ashutosh Barot, the issue is rooted in the account registration process, leading to the exposure of details such as names, gender, email addresses, and phone numbers.

The bug was identified on August 7, 2022, the same day the low-cost airline commenced its operations in the country.

“I found an HTTP request which gave my name, email, phone number, gender, etc. in JSON format,” Barot said in a write-up. “I immediately changed some parameters in [the] request and I was able to see other user’s PII. It took around ~30 minutes to find this issue.”

Upon receiving the report, the company said it temporarily shut down parts of its system to incorporate additional security guardrails. It has also reported the incident to the Indian Computer Emergency Response Team (CERT-In).

Akasa Air emphasized that no travel-related information or payment details were left accessible and that there is no evidence the glitch was exploited in the wild.

The airline further said it has directly notified affected users of the incident, although the scale of the leak remains unclear, adding it “advised users to be conscious of possible phishing attempts.”


Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Related News

Schoolyard Bully Malware Stealing Facebook Credentials on Android

Schoolyard Bully Malware Stealing Facebook Credentials on Android

Mobile security company Zimperium’s zLabs has released a warning about a notorious Android trojan that has stolen around 300,000 credentials…
8 Reasons Why Enterprises Use Java

8 Reasons Why Enterprises Use Java

Java is one of the most well-known programming languages and software platforms that is used on countless devices such as…
360m Alleged WhatsApp Records Shared Freely on Telegram and Dark Web

360m Alleged WhatsApp Records Shared Freely on Telegram and Dark Web

Previously we covered the news of a database containing 487 million up-to-date WhatsApp user records from 84 countries being sold…