SpiceJet has suffered a data breach that involves the details of more than a million of its passengers, reports TechCrunch. A security researcher has labeled their actions as ‘ethical hacking’. They gained access to one of SpiceJet’s systems through an easily accessible password. An unencrypted database file was discovered that had private information of more than 1.2 million passengers of the budget-carrier.
The information included records with details such as the name of the passenger, their phone number, email address and their date of birth. Some passengers were state officials. It also included a month’s worth of flight information and details of each commuter. The security researcher also added that they believe that the database was easily accessible for anyone who knew where to look.
SpiceJet has taken measures to contain the breach
When the security researcher contacted SpiceJet about the data breach, there was no proper response. The researcher then alerted CERT-In, a government-run agency in India that handles cybersecurity threats in the nation. CERT-In confirmed the security lapse, and alerted SpiceJet. After this the carrier has taken the necessary measures to protect their database.
SpiceJet has 13% of Indian aviation’s market share
SpiceJet released an official statement saying: “At SpiceJet, safety and security of our fliers’ data is sacrosanct. Our systems are fully capable and always up to date to secure the fliers’ data which is a continuous process. We undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level.”
India is one of the world’s fastest-growing aviation markets in the world. SpiceJet has roughly 13% of the market share in India. It flies more than 600 planes each day, including several that connect India to foreign regions such as Dubai and Hong Kong.