CloudSEK Threat Intelligence has detected a data leak that contains sensitive information of 1 million IRCTC (Indian Railway Catering and Tourism Corporation) users. The data was purportedly leaked in 2019. IRCTC manages online ticketing, catering, and tourism businesses of Indian Railways. With ~30 million registered users and 550,000 - 600,000 bookings per day, IRCTC is India’s leading travel platform.
Discovery of the leakCloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising the information of 1 million IRCTC users. The post was published on 13 Oct 2020. The poster claims to have 1 million unique users’ data, in clear text format, relevant for the year 2019.
The contents of the leakThe records contain ~1 million (939230) users’:
- Mobile number
- Date of Birth
- marital status
Data verification and validationUsing public sources we were able to verify the authenticity of the leaked data.
- Threat actors can use the PII in the data dump to orchestrate phishing, spear phishing, vishing and smishing campaigns, and also online/ offline scams.
- This information can be used for identity theft, social engineering attacks, and higher impact attacks like compromise of personal finances and services.
Recommendations for the affected users
- Enable multi-factor authentication.
- Don’t share OTPs with third-parties. While this is a rule of thumb, it is especially relevant in this case because threat actors already have phone numbers. So, the OTP is the only thing standing between threat actors and the victims’ accounts.
- Review all online accounts and financial statements for suspicious activity.
- Caution friends and family against threat actors impersonating you.
- Use strong passwords.
- Enable multi-factor authentication for all your online accounts.
- Don’t share OTPs with third-parties.
- Review online accounts and financial statements periodically.
- Regularly update your apps and any other software you use.