Yatra Data Breach Leaves Access To Data Of 5M Customers


Today is not a good day for both Yatra and Yatra patrons, as a massive data breach just exposed data of more than a whopping five (5!) million (!) customers. Just what happened that caused this catastrophic data privacy breach, and what repercussions is Yatra facing?

It would come a surprise for many when companies actually don’t immediately tell their yatra privacy breachedusers their systems suffering a hack or data breach – but this is exactly what happened when the travel booking service Yatra appears to have suffered an attack with its systems. This is after security researchers have managed to find out evidence of an attack five (5) years after it happened, with more than five (5) million (!) records being exposed in the data breach.

According to a recent Twitter post, Have I Been Pwned (HIBP) showed that a data breach actually happened within Yatra’s systems that exposed around a whopping five million records within its sites. Information such as PINs, passwords, phone numbers, contact addresses, and e-mail addresses being revealed in the process.

Perhaps what’s shocking is that the incident happened five (5) years ago, as far back as 2013. Viglante.pw also confirmed the news as it now listed yatra.in among its huge list of breached database – with the number of compromised entries in the data breach reaching as high as 5,135,570. Curious Yatra users can go to HIBP to check if their emails have been compromised in various attacks as well.

Yatra.in, now Yatra.com, is a travel website based in India that started to operate since 2006. The service has become the second largest digital travel service and agency located in India as of 2012.

What perhaps shocked most is the fact that Yatra appears to have not informed any of its customers about the breach – at least as of the writing of this article. A reason behind this act has yet to be discovered, aside from the usual fear of losing the trust of their customers. However, hiding such a huge data breach does pose questions towards the firm’s trustworthiness and professionalism.

While the breach was confirmed to have happened in 2013, details such as who did the breach and its source have yet to be determined. However, this appears to be a continuation of what’s known as the data breach in Klook Travel, with Yatra being a travel booking service to be added in a growing list of breached sites.  

It can be remembered that Klook Travel, another popular travel booking site, has suffered a data breach early this month as well. The Hong Kong-based site joins Adidas and Ticketmaster in terms of data breaches this month as well.

In the case of Klook Travel and the others, however, they did take the time to make a press release. Klook Travel released theirs last June 29, informing their users that a breach has been found in their site – and this happened because hackers used an exploit on a JavaScript code in one of the sites’ many integrations.

To be specific, web analytics tool SOCIAPlus, a supposed third-party provider, was discovered to be the source of the data breach. Fortunately, compared to Yatra, only 8-percent of Klook Travel customers were affected by the breach, with the victims already have been notified.





You May Also Like: 

Is Snapchat Building Its Own Visual Searching Algo To Find Products Via Amazon?

Human-Centered AI: How Do You Build AIs Based On Human Rights, Democracy?

Apple USB Security Update Has A Major Flaw – Will This Be Fixed?

New Apple Siri Chief Is Former Google AI Boss – What Will Change?