SpiceJet Database Breach Exposure Details Over 1.2 Million Passengers: Report

SpiceJet Database Breach

SpiceJet was reportedly affected by a security flaw that exposed personal details of more than 1.2 million passengers, including flight information. The information is said to have been found in an unencrypted database file after a security researcher gained access to the SpiceJet system to force a password. For now, details about the hack are scarce, and the low-cost Indian airline has not revealed much in the boilerplate statement provided in response to the report.

As reported by TechCrunch, the breach was made by a security researcher who is not naming the publication, as they likely violated US computer hacking laws. The report elaborates to claim that the researcher has gained access to brute-forcing using one of SpiceJet’s systems, which is being called an “easily predictable password”. The system had until last month an unencrypted backup file with personal details of more than 1.2 million passengers, including details of a rolling month’s value such as name, phone number, email address, date of birth, and flight information.

The report said the researcher described their violation as “ethical hacking”, and contacted SpiceJet, but the airline never received a “meaningful response”. Only after the Ministry of Electronics and Information Technology (MEAT) was informed to the Indian Computer Emergency Response Team (CERT-In), the researcher’s findings were independently confirmed, and then informed to SpiceJet, that the breach was fixed .

Gadgets 360 reached out to a SpiceJet spokesperson to comment on the security flaw. With the researcher himself being reported to have breached the system and gain access to the database, security lapses could possibly be termed as better protection from breaches. It is uncertain whether the data was leaked, or that ‘ethical hackers’ ensured that the database did not fall into the wrong hands, and responsibly saw that the problem was fixed.

We received a statement from a SpiceJet in response to our query, stating that no breach occurred, “There was a data breach in any of SpiceJet’s servers. On SpiceJet, the security and security of our flyer’s data is sacrosanct. Our systems are fully capable. And flyer is always up-to-date to keep data secure which is a continuous process. Let’s take every measure possible to ensure that privacy is maintained at the highest and safest level. ”

Editor’s Note: A previous version of this article stated that SpiceJet confirmed to Tech Crunch that a security lapse had occurred. The publication has revised the article to remove all mentions of confirmation, and we have made changes to reflect this on the explanation from SpiceJet.

240 thoughts on “SpiceJet Database Breach Exposure Details Over 1.2 Million Passengers: Report

  1. Excellent web site. A lot of useful info here. I am sending it to some friends ans also sharing in delicious. And obviously, thanks for your sweat!

  2. I’m studying for my bachelors degree in computer science, and I might continue on to get a masters degree. I have my A+ and Network+ certifications, and I’m planning on getting Linux, Network Security, and the Microsoft certifications.. . Can I get a job doing computer forensics with this? If not, what should I do to increase my chances of getting a computer forensics job?. . Thanks. Just a little more info: I do more programming than anything with computers, but I’m pretty good with the non-programming side too..

  3. I am looking to start my own blog, but I want to make sure it is on a popular site where people will read it. I plan on discussing sports, video games and whatever else is interesting at the time. What are the best/most popular sites to blog on?.

Comments are closed.