One of its largest airlines India, has suffered a security breach that has resulted in leaks of 1,2 million passengers, including flight information. According to TechCrunch, a security researcher used brute-force to gain access to SpiceJet's systems, and reported finding the code security it was not a particularly difficult task.
The passenger information was found in an unencrypted file database on one of SpiceJet's systems. As he said researcher, the database included information such as passenger name, phone number, date of birth, and email address.
The database also included the price of the passengers' tickets and their flight number. This information was particularly confidential, as some government officials were included in the passenger names.
The investigator attempted to alert SpiceJet to the database, but was unable to contact her. He then alerted CERT-In, a government official service that manages the security of its cyberspace India. The organization recognized the security issue and informed SpiceJet about it. So far, the airline has taken the necessary steps to avoid a chaotic data leak.
What SpiceJet answered
As a SpiceJet spokeswoman said, airline is committed to the security of any data related to its passengers and that the company's systems are now up to date and protected.
SpiceJet holds about 13% of the market in India. India is the fastest growing air transport market in the world as around 12 million people travel by plane every month and the number is growing rapidly. SpiceJet has about 600 active planes, including international travel planes to Dubai and Hong Kong.