Akasa Air, India’s newest commercial airline, disclosed the personal data of its customers as a result of a technical configuration error.
According to Ashutosh Barot, a cybersecurity researcher, there was a problem with the registration process of the accounts, which allowed information such as name, gender, email, phone numbers to appear.
Researchers detected a vulnerability on August 7, the day the company started its operations.
“I found an HTTP request to which I can access my name, e-mail address, phone number, gender, etc. in JSON format,” Barot wrote. said.
After receiving the report, Akasa Air stated that it temporarily shut down some parts of its system to take additional security measures. It also reported the incident to the Indian Computer Emergency Response Team (CERT-In).
Akasa Air emphasized that no information about travels or data of payments was disclosed and there was no evidence of exploitation of the vulnerability.
[vc_row][vc_column][vc_cta h2=”” add_button=”bottom” btn_title=”Teklif Talep Edin” btn_style=”flat” btn_shape=”square” btn_color=”danger” css_animation=”fadeInLeft” btn_link=”url:https%3A%2F%2Fcyberartspro.com%2Fteklif-isteme-formu%2F||target:%20_blank|”]Siber Güvenlik, Dijital Dönüşüm, MSSP, Sızma Testi, KVKK, GDPR, ISO 27001, ISO 27701 ve DDO Bilgi ve İletişim Güvenliği Rehberi başlıklarıyla ilgili teklif almak için lütfen tıklayın.[/vc_cta][/vc_column][/vc_row]