According to a report by The Next Web, Researcher’s team at cyber-security firm Safety Detectives first spotted the Elasticsearch server on August 10. The team found that the affected server was accessible for several days without any encryption and password protection. Safety Detective stated in its blog that anyone can access this entire database with the server’s IP address.
The blog also informed that 43 GB of data is available on the server, in which most users are Indians. The firm estimated that more than 7 million people may be affected by the platform’s drawback.
A company spokesperson in this regard claimed that he does not store “financial and other sensitive data”. He said that he does not store credit card details on the server. Apart from this, the spokesperson also informed that only one day’s data is stored on the Rail Yatri server, data older than 24 hours is automatically deleted. In such a situation, he has denied the data leaked information of more than 7 lakh people.
In a blog post, Safety Detective informed that on August 12, the Meow bot has deleted almost the entire server’s data. Meow bot is a new type of cyber-attack, which deletes insecure databases running on Elasticsearch, Redis or MongoDB servers servers.
Download the Gadgets 360 Android app for the latest tech news, smartphone reviews and exclusive offers on popular mobiles and follow us on Google News.