Cyber Incident Victim: RailYatri
Date: Dec 2022
Location: India
Summary
A major Indian train ticketing platform suffered a data breach affecting more than 31 million users, exposing email addresses, full names, phone numbers, genders, location details, and thousands of invoices. The 12 GB dataset surfaced on a cybercrime forum. The platform's earlier security lapse was a misconfigured Elasticsearch server that was reachable from the internet without authentication; a security researcher had warned the company about it, and India's national CERT eventually intervened to get the server secured. The later leak nevertheless shows the underlying weaknesses were not resolved. Because the exposed fields combine personal identifiers with travel and location data, affected travelers face a substantial risk of identity theft and targeted phishing.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The RailYatri data breach traces back to a misconfigured Elasticsearch server that cybersecurity researcher Anurag Sen discovered in February 2020, publicly accessible with no password or other authentication. The server held over 700,000 logs with 37 million entries, including internal production logs and sensitive user data. Despite Sen's direct notification, RailYatri first denied owning the server and then dismissed the data as test material. The server was secured only after Sen escalated the issue to India's Computer Emergency Response Team (CERT-In). Nearly three years later, on December 31, 2022, a second exposure came to light when a 12 GB database containing the personal details of 31,062,673 users was posted on BreachForums, a cybercrime forum. The stolen data included full names, email addresses, phone numbers, genders, geographic locations, and 37,000 invoices.
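The root cause above is a generic and easily checked one: an Elasticsearch node bound to a public interface with security disabled answers any unauthenticated request. The script below is an added example and is not code from the original article or from RailYatri. It audits an elasticsearch.yml for the two settings that together produce that state and shows how to interpret the response to an unauthenticated GET / on the HTTP port. The sample configs and the JSON banner are constructed for the example, and the probe address is a placeholder.

```python
"""
Added example: detect the 'open Elasticsearch' condition described in the
RailYatri writeup. Part 1 audits a flat elasticsearch.yml; part 2 classifies
the answer to an unauthenticated GET / against the node's HTTP port.
"""
import json
import urllib.error
import urllib.request

# Constructed sample: the kind of config that yields an internet-readable node.
WEAK_CONFIG = """
cluster.name: prod-logs
network.host: 0.0.0.0          # listens on every interface
http.port: 9200
xpack.security.enabled: false  # REST API needs no credentials
"""

# Constructed sample: the same node, hardened.
HARDENED_CONFIG = """
cluster.name: prod-logs
network.host: 10.0.3.12        # private interface only
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

# Values of network.host that expose the node beyond loopback.
PUBLIC_BINDINGS = {"0.0.0.0", "::", "_global_", "_site_"}


def parse_simple_yaml(text):
    """Minimal 'key: value' parser, enough for a flat elasticsearch.yml."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        cfg[key.strip()] = value.strip().strip("\"'")
    return cfg


def audit_config(text):
    """Return a list of findings; an empty list means neither weakness is present."""
    cfg = parse_simple_yaml(text)
    findings = []
    # Elasticsearch binds to loopback by default, so only an explicit public bind counts.
    host = cfg.get("network.host", "127.0.0.1")
    if host in PUBLIC_BINDINGS:
        findings.append(f"network.host={host}: node reachable on all interfaces")
    security = cfg.get("xpack.security.enabled")
    if security == "false":
        findings.append("xpack.security.enabled=false: no authentication on the REST API")
    elif security is None:
        # Before 8.0 the setting defaulted to false on a basic licence, so an
        # absent key is a finding unless the cluster is known to be 8.x.
        findings.append("xpack.security.enabled not set: unauthenticated unless running 8.x")
    return findings


def classify_probe(status, body):
    """Classify the response to an unauthenticated GET / on port 9200."""
    if status == 401:
        return "auth-required"
    if status == 200:
        try:
            doc = json.loads(body)
        except ValueError:
            return "unknown"
        if "cluster_name" in doc and "version" in doc:
            # Cluster banner served without credentials: anyone can read indices.
            return "open"
    return "unknown"


def probe_node(url="http://203.0.113.10:9200/"):   # placeholder address
    """Live check against a real node; returns the same labels as classify_probe."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return classify_probe(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify_probe(err.code, "")


# Constructed banner standing in for what an open 7.x node returns.
OPEN_BANNER = json.dumps({"name": "node-1", "cluster_name": "prod-logs",
                          "version": {"number": "7.10.2"},
                          "tagline": "You Know, for Search"})

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_config(cfg) or "no findings")
    print("constructed open banner:", classify_probe(200, OPEN_BANNER))
    print("constructed 401:", classify_probe(401, ""))
```

The config audit is the check to run on every node before it goes live; the probe is the check an external scanner (or an attacker) effectively performs, so running it from outside the network against your own hosts tells you what they see. An "open" result means the node should be taken off the public interface and have security enabled before anything else.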

The leak, posted at the end of December 2022 and reported in February 2023, exposed travelers to a heightened risk of identity theft and phishing because it pairs personal identifiers with location histories. RailYatri did not publicly acknowledge the 2022 breach until the database appeared online, and it disclosed neither remediation steps nor any statement about the underlying weaknesses. Anurag Sen attributed the incident to inadequate security measures after the 2020 exposure and noted that India's lack of GDPR-style penalties reduces corporate accountability. Hackread.com confirmed the authenticity of the leaked data and advised affected users to change their passwords, enable multi-factor authentication, and monitor financial accounts for fraudulent activity. The breach underscored persistent security failures in India's digital infrastructure at a time of increased reliance on online services during the COVID-19 pandemic.
