In the newest update on the Indian Railways data breach, the threat actor now claims to have four million more entries, in addition to the 30 million user records for Indian Railways.
In a screenshot obtained by The Cyber Express, a user that went by the name ShadowHacker Leaks is seen trying to sell the data on a Telegram channel, with a message noting, “4 million new entries added, we still dumping, anytime you buy you take the new data with it.”
Meanwhile, in its latest statement, the Railway ministry said that the suspected data breach is not from IRCTC servers.
A Data breach of Indian railway passengers was reported. However, the Railway ministry said that the suspected data breach is not from IRCTC servers.
— Rishikesh Kumar (@rishhikesh) December 28, 2022
Indian Railways Forum Breach: 30 Million User Records Sold
The Cyber Express first reported on the Indian Railways data breach after we found a hacker forum user selling 30 million Indian Railway user records. The hacker went by the alias “ShadowHacker.” He noted that it was “one of the biggest railways database in India.”
According to the hacker, the data collected includes various details such as names, email addresses, and phone numbers. They also claimed that there are several government email addresses in the data. The threat actor also claimed to have collected over 25 million phone numbers and other personal information.
Along with the personally identifiable information, the hacker also claimed to have collected various details about the users’ travel history, including their PNR number and details about their train and destination. They noted that, for a price, they could disclose the vulnerabilities on the website that were used to collect the data, and did not provide further details about the websites they used.
Moreover, they hinted at the potential to disclose the vulnerabilities they exploited within the Indian Railways forum and its related websites, but remained tight-lipped unless offered the right price.
Other datasets that the attacker claimed to have collected include various travel details, such as the users’ meal preferences, GST details, and berth numbers.
“The data set seems to be fresh as some records from the data sample are from the month of December 2022,” noted a Times Now report.
Meanwhile, the news has gained some traction on social media, along with some political commentary.
“This is the second major attack against a critical Indian infrastructure following the recent ransomware news attack on AIIMS. Indian Railways is the second government-led undertaking that has been targeted by hackers in the span of two months. This poses some burning questions about the security measures taken by public sector undertakings to protect the personal information of users. This attack, if true, is an indication that India’s most important institutions are overdue for a cybersecurity upgradation,” noted News Bytes.