Akasa airline’s massive data leak

As a result of a technical malfunction that crippled its login and sign-up service, Akasa Air, India’s newly founded airline that came into operation earlier this month, exposed the private information of thousands of its clients.

Ashutosh Barot, a cybersecurity researcher, uncovered the exposed data, which includes complete names, gender, email addresses, and phone numbers of consumers signing up and checking in on the Akasa Air website.

On August 7, the researcher discovered an HTTP request revealing the data minutes after visiting Akasa Air’s website. He first attempted to call the security personnel of the Mumbai-based airline directly but was unable to do so.

“I reached out to the airline via their official Twitter account, asking them for an email ID to report the issue. They gave me the info@akasa email ID to which I didn’t share the vulnerability details because it might be handled by support staff or third party vendors. So, I emailed them again and asked [the airline] to provide [the] email address of someone from their security team. I received no further communication from Akasa,”

Ashutosh Barot

After receiving no response from the airline about how he might contact its security staff, the researcher told TechCrunch of the problem.

When we contacted Akasa Air, they reacted swiftly and acknowledged that the problem had put 34,533 unique customer records at risk. The airline further stated that the exposed data did not include any trip or payment details.

Akasa Air suspended its sign-up service after learning about the incident. The airline also stated that it put extra measures in place before resuming broad public service. Furthermore, the airline informed TechCrunch that it conducted further checks to verify the security of all of its systems.

Akasa Air reported the problem to India’s official cybersecurity body CERT-In and alerted impacted customers in a statement released on Sunday. Because of the data exposure, it advised users to “be wary of any phishing efforts.” It also confirmed to TechCrunch that there was no “unwanted uptick in access” to the data.

“At Akasa Air, system security and protection of customer information is paramount, and our focus is to always provide a secure and reliable customer experience. While extensive protocols are in place to prevent incidents of such nature, we have undertaken additional measures to ensure that the security of all our systems is even further enhanced. We will continue to maintain our robust security protocols, engaging wherever applicable, with partners, researchers, and security experts from whom we can benefit to strengthen our systems.”

Anand Srinivasan, Co-Founder and Chief Information Officer at Akasa Air

“I am glad the airline fixed the issue on short notice and reported it to CERT-In as well as informed its customers about the incident, which is an exemplary step,” the researcher replied.
