Indian Railways hack: 3 Crore passengers’ data leaked and is up for sale on the dark web | Digit

The data of over 3 Crore Indian Railways users has been leaked and is reportedly up for sale on the dark web. The data, which includes booking data as well as user information, is being sold for $400 per copy, with buyers only allowed to buy five copies. In case a buyer wants exclusive access to the data, they will have to pay $1,500 and $2,000. The breach took place on December 27, 2022.

IRCTC responds to allegations of data leak

On being questioned about the leak, the IRCTC issued a statement about the leak. They said “An incident regarding Indian Railway data breach has been reported in the media. In this connection it may be submitted that Railway Board had shared a possible data breach incident alert of CERT-In to IRCTC reporting a data breach pertaining to Indian Railways passengers.

On analysis of sample data it is found that the sample data key pattern does not match with IRCTC history API. Reported/suspected data breach is not from the IRCTC servers.

Further Investigation on the data breach is being done by IRCTC. All IRCTC Business Partners have been asked to immediately examine whether there is any data leakage from their end and apprise the results along with corrective measures taken to IRCTC.”

Who hacked the Indian Railways?

The name of the hacker is ‘Shadow hacker’, as per the posts made on forums where the data is up for sale. Nothing else is known about the entity. 

For more
technology news,
product reviews, sci-tech features and updates, keep reading
Digit.in or head to our
Google News page.