Techcrunch on Friday reported that a security researcher was able to gain access to SpiceJet systems by brute-forcing the system’s password.
Image For Representation
The Indian airline, Spicejet on Friday rubbished reports about a security breach on their systems. But the airline neither confirmed nor denied if the database containing private information of over 1.2 million Indian passengers was accessed by an outsider. Report about a data breach on the airline’s systems was first reported by the tech website, Techcrunch, the airline has denied that such a breach has taken place. The airline spokesperson also refused to comment on if an unauthorised entry was made into one of their systems. Techcrunch on Friday reported that a security researcher was able to gain access to SpiceJet systems by brute-forcing the system’s password. In tech terms, brute force is an attempt to obtain a password or a PIN by repetitive trial and error attempts to guess the password. The researcher was able to guess the relatively easy password and upon entering the system, found an "unencrypted database backup file" containing information of over 1.2 million passengers who have used the airline in December 2019. The file revealed passenger details such as their names, phone numbers, date of birth, the details of government officials also were available in the database, reported the website. Apart from private information of passengers, the database also included flight information and other details that are sensitive. The researcher reportedly told Techcrunch that the database was easily accessible for those who knew where to look. The researcher even approached the airline, informing them about the database being made available and risks of leaving it easily accessible. Techcrunch reported that the researcher received a poor response from the airline when the flaw was pointed out. The website claims to have confirmed the potential security lapse and alerted Spicejet themselves after which steps were taken to protect the database. The airline spokesperson speaking to TNM said that the tech website misreported that there has been a security breach and that the airline has accepted that there was a breach, "They have rectified their mistake, it was an error from their side,". When asked if there has been a breach the Spicejet spokesperson neither confirmed nor denied that a researcher was able to gain entry into one of their systems. “We can’t comment,” said the Spicejet spokesperson. Speaking to TNM a reporter with Techcrunch Manish Singh who co-reported the story said, “SpiceJet is neither confirming or denying the story. We ran it because CERT-In has confirmed the researcher's findings. He also shared a sample of the data with us, which we were able to verify.” The airline had also threatened legal action against the website for 'misreporting'.
Body 2:
No comments:
Post a Comment