Filled Under: , ,

IRCTC website HACKED and 10 million passengers data is threatened

"Hacking"  this word threatens everybody, nowadays it became very hard to be in privacy , because even the things around you are in control of other people , who can destruct your privacy ,your personal data and everything you called it as secured. This time its Indian Railway Catering and Tourism Corporation (IRCTC).The IRCTC website has been 'HACKED' and now around 10 million passengers data is in threat ,they are nowhere secured now.




IRCTC is India’s largest e-commerce website, lakhs of transactions are done everyday. Customers provide details like Pan Card numbers and address and many of their proofs while filling up online reservation forms which could be stolen by the hackers. Hackers sometimes try to do this type of activities and crack into government websites just to show the authorities how vulnerable their security gateway is and how much easy is to hack these websites. BSF, DRDO, Press Club of India and many other government websites have been hacked before in the same way, so it wouldn't be a surprise if IRCTC have to face the same situation.


IRCTC officials believe that the hackers are selling out the data containing details of Indian Railways passengers including their contact details, date of birth and other personal information packaged in a CD for $225 per set. The data is valuable and can be sold to corporations who may use it for targeting potential consumers. There are also reports that the Maharashtra  government has identified the hackers who were selling out these details, but we have to wait and see who are the culprits behind this.

Generally if a passenger wants to book a ticket , each user has to create an account with email id, few personal details and mobile number. IRCTC officials fear that the hackers may have accessed the details of these 10 million users. They even think that  not only the data set could be used to spam or even stalk the passengers, it could be sold to telemarketing companies who uses such database and make money & pay a hugesum from this.

Vivek Chudgar , Senior Director for Mandiant for Asia Pacific said, "When a massive data breach like this is alleged, the first thing organizations should do is ,they must carry out a proper forensic investigation to validate the claim. Once a breach is confirmed, it's important to  investigate  exactly what was stolen, the impact to the business and its customers, how the attacker gained access. The skills required for this are beyond what most organizations have in-house. When Mandiant undertakes investigations like this, we use advanced forensic techniques to reconstruct every step the attackers took. While oftentimes the first inclination is to blame insiders, Mandiant often finds that outside attackers are only responsible".

This time its IRCTC , tomorrow it could be any other, but its our choice to keep away our data from these kind of activities  because anything can happen anytime !!!