SpiceJet servers have allegedly been impacted by a massive breach. As per the report released by TechCrunch, sensitive information on more than 1.2 million passengers was exposed by security researchers.
The details include passenger names, phone numbers, email addresses, date of birth and flight information.
The report alleges that security researchers took advantage of SpiceJet’s poor access control mechanisms that allowed them to power through the systems by leveraging weak authentication and predictable password combinations.
According to the researchers, the sensitive data of the passengers was located in an unencrypted backup file, allowing for a simple access. The data is unlikely to spill over public domain.
SpiceJet officials have, however, dismissed the report.
“There was no data breach in any of SpiceJet’s servers. At SpiceJet, safety and security of our fliers’ data is sacrosanct. Our systems are fully capable and always up to date to secure the fliers’ data which is a continuous process. We undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level”.
Concerns over SpiceJet’s commitment to data security come to light.
The researchers allegedly reached out to the airline officials to intimate them about the lapses in the system’s security network, but to no avail. After receiving no “meaningful response” from the airline officials, the researchers directed their efforts to the Indian Computer Emergency Response Team (CERT-In), who substantiated the researchers’ claims.