Indian flight booking site Cleartrip announces data breach
Popular Indian flight booking site Cleartrip announced a data breach on Monday involving the information of an unknown number of victims.
The site, which is owned by e-commerce giant FlipKart, told The Record that it is still conducting an investigation into the issue and has hired an outside forensic firm to help with the situation. FlipKart's majority owner is Walmart.
“The investigation so far has indicated that limited information like name, email id and phone number are suspected to have been impacted,” a company spokesperson said.
The company added that cyber authorities in India have been contacted and that they are preparing legal action in the event that it is necessary.
The company sent customers an email on Monday informing them of the data breach.
@Cleartrip would you mind telling us when the breach happened? pic.twitter.com/JvMLT1pAp9
— Jayesh Kumar (@Jayesh_Kumar) July 18, 2022
Cleartrip said a “security anomaly” gave hackers “unauthorized access to a part of Cleartrip’s internal systems.”
Cleartrip representatives did not answer questions about when the breach occurred, how many victims were involved and whether any vulnerabilities in their platform were resolved.
Security researcher Sunny Nehra shared screenshots on Twitter of stolen files a hacker posted to a private forum. The hacker's files included troves of data on customers and vendors.
The information shown in the screenshot indicates the hack took place recently, with several file names referencing May 2022.
The CLEARTRIP seems to have suffered a massive data breach !!
— Sunny Nehra (@sunnynehrabro) July 18, 2022
The screenshot as was posted by the threat actor (on private forum) to sell the data. As can be seen : the breach is new, customer entries info as well as internal company files are there.#cybersecurity #CyberAttack pic.twitter.com/ldAM2JtsCb
Companies involved in the airline industry in India have been frequent targets for hackers in recent years.
In May, hundreds of people were stranded at airports across India after the SpiceJet airline reported that it was hit with a ransomware attack. In 2020, TechCrunch reported that a security researcher managed to hack into SpiceJet’s systems and gained access to the information of 1.2 million passengers, including several government officials.
India’s national carrier Air India said in May 2021 that a data breach at one of its software providers exposed the personal information of more than 4.5 million passengers that used its services.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.