Akasa Air, India’s newest commercial airline, disclosed the personal data of its customers as a result of a technical configuration error.
According to Ashutosh Barot, a cybersecurity researcher, there was a problem with the registration process of the accounts, which allowed information such as name, gender, email, phone numbers to appear.
Researchers detected a vulnerability on August 7, the day the company started its operations.
“I found an HTTP request to which I can access my name, e-mail address, phone number, gender, etc. in JSON format,” Barot wrote. said.
After receiving the report, Akasa Air stated that it temporarily shut down some parts of its system to take additional security measures. It also reported the incident to the Indian Computer Emergency Response Team (CERT-In).
Akasa Air emphasized that no information about travels or data of payments was disclosed and there was no evidence of exploitation of the vulnerability.
To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.