IRCTC website ‘hacked’, personal details of 10 million passengers feared stolen
The ticket booking website for Indian Railways has been hacked and the personal data of around 1 million passengers are feared to have been stolen from the server of the e-ticketing portal Indian Railway Catering and Tourism Corporation (IRCTC).
IRCTC is India’s largest e-commerce website, lakhs of transactions are conducted every day. Customers provide details like Pan Card numbers and address while filling up online reservation forms which could be stolen by the hackers.
IRCTC officials believe that the hackers are selling the dataset containing details Indian Railways passengers including phone numbers, date of birth and other such information packaged in a CD for $225 a piece. “The data is a valuable asset and can be sold to corporations who may use it for targeting potential consumers.”There are also reports that the Maharashtra state government has identified the hackers who were selling these details.
Surprisingly, IRCTC is yet to file a police complaint in the matter. AK Manocha, managing director of IRCTC, told Mumbai Mirror that though there has been no official complaint regarding data hacking he has written to Delhi police’s cyber cell to inquire into the matter.
When asked why there was no complaint, Manocha said, “We got some information from our internal sources. So we decided to crosscheck.”
IRCTC is one of the top websites in India with at least 30 million views a day. The IRCTC (Indian Railways Catering and Tourism Corporation) has over 10 million registered users who use the website to book train tickets.
To log in and book tickets, each user has to create an account with email id, physical address and mobile number.
IRCTC officials fear that the hackers may have accessed the details of these 10 million users. Not only the data set could be used to spam, phish or even stalk the passengers, it could be sold to telemarketing companies who value such database and may pay top cent for it.
Sources said that it is unlikely that credit card or bank data would have been compromised, since the payment gateway takes one out of the IRCTC website to the sites of the banks, which have more watertight firewalls.