India's Akasa Air exposed sensitive records of thousands of customers
Akasa Air, India's newly launched airline that began operations earlier this month, exposed the personal data of thousands of its customers because of a technical glitch that affected its login and sign-up service. The exposed data, discovered by cybersecurity researcher Ashutosh Barot, included full names, gender, email addresses and phone numbers of customers signing up and logging in on the Akasa Air website. The researcher found an HTTP request disclosing the data minutes after looking at Akasa Air's website on its inaugural day on August 7. He had initially tried to communicate with the security team at the Mumbai-based airline directly but did not find a direct contact. “I reached out to the airline via their official Twitter account, asking them for an email ID to report the issue. They gave me the info@akasa email ID to which I didn’t share the vulnerability details because it might be handled by support staff or third party vendors. So, I emailed them again and asked [the airline] to provide [the] email address of someone from their security team. I received no further communication from Akasa,” the researcher said. After not getting a response from the airline on how he can connect with the security team, the researcher informed TechCrunch about the issue. Akasa Air quickly responded when we reached out and acknowledged that the issue had put 34,533 unique customer records at risk. The airline also said the exposed data did not include travel-related information or payment records. On being made aware of the incident, Akasa Air shut down its sign-up service. The airline also said that it added additional controls before resuming its service to the general public.<br/>
https://portal.staralliance.com/cms/news/hot-topics/2022-08-29/unaligned/indias-akasa-air-exposed-sensitive-records-of-thousands-of-customers
https://portal.staralliance.com/cms/logo.png
India's Akasa Air exposed sensitive records of thousands of customers
Akasa Air, India's newly launched airline that began operations earlier this month, exposed the personal data of thousands of its customers because of a technical glitch that affected its login and sign-up service. The exposed data, discovered by cybersecurity researcher Ashutosh Barot, included full names, gender, email addresses and phone numbers of customers signing up and logging in on the Akasa Air website. The researcher found an HTTP request disclosing the data minutes after looking at Akasa Air's website on its inaugural day on August 7. He had initially tried to communicate with the security team at the Mumbai-based airline directly but did not find a direct contact. “I reached out to the airline via their official Twitter account, asking them for an email ID to report the issue. They gave me the info@akasa email ID to which I didn’t share the vulnerability details because it might be handled by support staff or third party vendors. So, I emailed them again and asked [the airline] to provide [the] email address of someone from their security team. I received no further communication from Akasa,” the researcher said. After not getting a response from the airline on how he can connect with the security team, the researcher informed TechCrunch about the issue. Akasa Air quickly responded when we reached out and acknowledged that the issue had put 34,533 unique customer records at risk. The airline also said the exposed data did not include travel-related information or payment records. On being made aware of the incident, Akasa Air shut down its sign-up service. The airline also said that it added additional controls before resuming its service to the general public.<br/>
