The newly launched Indian airline, Akasa Air, has suffered a massive data breach exposing the personal data of thousands of customers because of a technical glitch that caused login and sign-up issues. The airline confirmed the news of the data breach via an official statement; “As a result of this configuration error, some Akasa Air registered user information limited to names, gender, email addresses and phone numbers may have been viewed by unauthorized individuals. We can confirm that aside from the above details, no travel-related information, travel records or payment information was compromised.”
Data Breach Exposed Thousands of Customers’ Data
The cybersecurity researcher, Ashutosh Barot, discovered the data breach. He found an HTTP request disclosing the data minutes after looking at Akasa Air’s website on its inaugural day on August 7, according to TechCrunch. The exposed data included; the full names, gender, email addresses, and phone numbers of customers signing up and logging in on the Akasa Air website.
The researcher tweeted the airline to get in touch with the security team but he didn’t get any response. He said; “I reached out to the airline via their official Twitter account, asking them for an email ID to report the issue. They gave me the info@akasa email ID to which I didn’t share the vulnerability details because it might be handled by support staff or third-party vendors. So, I emailed them again and asked [the airline] to provide [the] email address of someone from their security team. I received no further communication from Akasa.”
Akasa Air Fixed the Vulnerability
After being made aware of the data breach, Akasa Air immediately shut down its sign-up services and added additional controls before resuming its service to the public. Anand Srinivasan, Co-Founder and Chief Information Officer at Akasa Air said; “At Akasa Air, system security and protection of customer information is paramount, and our focus is to always provide a secure and reliable customer experience. While extensive protocols are in place to prevent incidents of such nature, we have undertaken additional measures to ensure that the security of all our systems is even further enhanced. We will continue to maintain our robust security protocols, engaging wherever applicable, with partners, researchers, and security experts from whom we can benefit to strengthen our systems.”
Also read: Air India leaks the data of more than 4.5 million users in a massive data breach