Sometimes, firms prefer to hide the news after they suffer a data breach or hack. The travel booking service Yatra.com seem to have attempted this however, security researchers have exposed the incident after five years. As confirmed recently by HIBP, around five million records were exposed in the Yatra.com data breach happened five years ago.
Yatra.com Data Breach Leaked Five Million Records
In a recent tweet, Have I Been Pwned (HIBP) revealed a Yatra.com data breach incident that exposed five million records. As explained in the HIBP tweet, the breached data includes email addresses, contact addresses, phone numbers, passwords in plain texts, and some PINs.
New breach: Indian bookings website Yatra had 5M records breached in 2013 including email & physical addresses, phone numbers & plain text passwords & PINs. The breach was previously reported by @Vigilante_pw, 60% of emails were already in @haveibeenpwned https://t.co/LGaAnj1hUA
— Have I Been Pwned (@haveibeenpwned) July 4, 2018
Vigilante.pw further confirmed the news as it already lists yatra.in among the breached databases. To get precise information, LHN did a quick search on Vigilante.pw, and got the exact number of entries in the breached data to be 5,135,570.
Yatra.com, previously Yatra.in, is an Indian travel website operating since 2006. In April 2012, the service listed itself as the second largest online travel agency and travel service in India.
Yatra.com Currently Silent
Interestingly, Yatra.com has not informed its customers about the incident up to the time of writing this article. We cannot figure out a reason for this unusual act besides a fear of losing credibility with their customers and hiding such a massive breach raises a question mark to the firm’s professionalism and trustworthiness.
HIBP and Vigilante.pw confirmed that the breach took place back in 2013. However, the source of breach, and other details still are pending. Nonetheless, this report serves as a continuation of the Klook Travel data breach, identifying another travel booking service as a victim of a cyber attack.
HIBP is a popular database that lets you know if you have ever suffered a data breach. Troy Hunt, a cybersecurity researcher founded HIBP to help people know a breach. Whereas, Vigilante.pw is an online directory of websites that have ever suffered a data breach.
Recently, HIBP joined forces with Mozilla to launch the ‘Firefox Monitor’ feature that will notify the users in case of hacking or data breach.
Let us know your thoughts in the comments section.