Akasa Air, India’s newest commercial airline, has exposed its customers’ personal data, which the company blames on technical configuration errors.
According to security researcher Ashutosh Barot, the problem stems from the account registration process, which leads to the disclosure of details such as name, gender, email address and phone number.
The bug was identified on August 7, 2022, the same day the low-cost airline started operating in the country.
“I found an HTTP request providing my name, email, phone number, gender, etc. in JSON format,” Barot said in a post. “I immediately changed some parameters in [the] request and I can see the other user’s PII. It took about 30 minutes to figure this out.”
After receiving the report, the company said it temporarily shut down parts of its system to incorporate more security guardrails. It has also reported the problem to India’s Computer Emergency Response Team (CERT-In).
Akasa Air emphasized that no travel-related information or payment details were accessible and that there was no evidence of the incident having been exploited in the wild.
The airline said it has notified affected users directly of the issue, though the size of the leak remains unclear, adding that it “recommends users to be alert to possible phishing attempts.”