• Link to Facebook
  • Link to LinkedIn

Tel: 020 7250 3840

4TC Services
  • Home
  • IT Support
    • About Managed IT
    • Fully Managed
    • Proactive IT Support
    • Ad-Hoc
    • Mac Remote Management
    • Installation and Relocation
  • Backup
    • Direct to Cloud Backup
    • Disaster Recovery
  • Security
    • Digital ID & the Dark Web
    • Anti-Virus
    • Mail Archiving
    • Managed Anti-Spam
  • FileMaker
  • Cloud
    • IT as a Service – IaaS
  • About Us
    • Contact
    • Cookie Policy
    • Privacy Policy
    • GDPR – Statement
  • Telecoms
    • Teams – Voice and Video calling
  • Products
  • Blog
  • Click to open the search input field Click to open the search input field Search
  • Menu Menu

Travel Site Exposed 37 Million Records Before Meow Attack

The company behind one of India’s most popular travel booking sites exposed 43GB of the customer and corporate data before it was deleted by the infamous “Meow” attacker, according to researchers.

A team at SafetyDetectives led by Anurag Sen discovered an Elasticsearch server without password protection or encryption on August 10.

It failed to get a response from the company in question, government-backed travel marketplace RailYatri, but the database was eventually secured after contact was made with India’s national CERT (CERT-In).

However, that was too late to save most of the information stored there: the Meow bot struck on August 12 and apparently deleted all but 1GB of the data.

The trove itself contained an estimated 37 million records linked to around 700,000 unique users of the popular site, a mobile app version of which has been downloaded over 10 million times on Google Play.

Exposed in the misconfiguration were users’ full names, age, gender, physical and email addresses, mobile phone numbers, booking details, GPS location and names/first and last four digits of payment cards.

“Exposed user information could potentially be used to conduct identity fraud across different platforms and other sites,” argued SafetyDetectives.

“Users’ contact details could be harnessed to conduct a wide variety of scams while personal information from the breach could be used to encourage click-throughs and malware downloads. Personal information is also used by hackers to build up rapport and trust, with a view of carrying out a larger magnitude intrusion in the future.”

The firm also warned that exposed data could have put customers in physical danger.

“RailYatri’s server recorded and stored users’ location information when booking their tickets, and also allowed users to track their journey progress with integrated GPS functionality. This information could be used by hackers to locate the nearest cell tower to the user, and potentially, the user’s actual location including current address,” it explained.

“Regular train users generate clear and distinguishable travel patterns which malicious actors could use to commit violent crime directly upon the individual.”

The bot-driven Meow attack campaign has so far destroyed data from thousands of victims, providing an even greater urgency for IT managers to ensure any cloud databases are properly configured.

We’re 4tc Managed IT Services

4TC can support you with all the services you need to run your business effectively, from email and domain hosting to fully managing your whole IT infrastructure.

Setting up a great IT infrastructure is just the first step.  Keeping it up to date, safe and performing at its peak requires consistent attention.

So we can act as either your IT department or to supplement an existing IT department. We pride ourselves in developing long term relationships that add value to your business with high quality managed support, expert strategic advice, and professional project management.

News Source: https://www.infosecurity-magazine.com/

Search Search

Recent Posts

  • How to Protect Your Business from Cyber Threats with Digital ID Monitoring
  • 10 Game-Changing Strategies to Boost Productivity and Optimise Your Business Operations
  • How to Work Smarter, Not Harder: The Ultimate Guide to Business Efficiency
  • 5 Things Remote Workers Should Have in Place for Threat Prevention
  • Cyber Security for Remote Workers: Protecting Data Outside the Office

Recent Comments

    Archives

    • April 2025
    • March 2025
    • February 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • September 2024
    • August 2024
    • July 2024
    • June 2024
    • May 2024
    • April 2024
    • February 2024
    • January 2024
    • December 2023
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • July 2023
    • June 2023
    • May 2023
    • April 2023
    • March 2023
    • February 2023
    • January 2023
    • December 2022
    • November 2022
    • October 2022
    • September 2022
    • August 2022
    • June 2022
    • May 2022
    • April 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • September 2021
    • August 2021
    • July 2021
    • June 2021
    • May 2021
    • April 2021
    • March 2021
    • February 2021
    • January 2021
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • May 2017
    • June 2015

    Categories

    • 4TC
    • Anti-Spam
    • Blogs
    • Cyber Security
    • Data Science
    • Disaster recovery
    • IT Services
    • News
    • Services
    • Uncategorized

    Meta

    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org

    4TC Services

    Email: support@4tc.co.uk

    Tel: 020 7250 3840

    London Office

    5th Floor, 167‑169 Great Portland Street
    London
    W1W 5PF

    Essex Office

    Dew Gates The Street
    High Roding
    Essex
    CM6 1NT

    Signup for IT News!



      © Copyright - 4TC Services
      • Link to Facebook
      • Link to LinkedIn
      Link to: Businesses Opt to Outsource Cybersecurity Services Link to: Businesses Opt to Outsource Cybersecurity Services Businesses Opt to Outsource Cybersecurity ServicesLink to: TeamViewer Flaw Risks Password Exposure Link to: TeamViewer Flaw Risks Password Exposure TeamViewer Flaw Risks Password Exposure
      Scroll to top Scroll to top Scroll to top