1 million IRCTC users’ PII resurfaces on data sharing forum

CloudSEK Threat Intelligence has detected a data leak that contains sensitive information of 1 million IRCTC (Indian Railway Catering and Tourism Corporation) users. The data was purportedly leaked in 2019.

Share this Intel:

CloudSEK Threat Intelligence has detected a data leak that contains sensitive information of 1 million IRCTC (Indian Railway Catering and Tourism Corporation) users. The data was purportedly leaked in 2019. IRCTC manages online ticketing, catering, and tourism businesses of Indian Railways. With ~30 million registered users and 550,000 – 600,000 bookings per day, IRCTC is India’s leading travel platform. 

Discovery of the leak

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising the information of 1 million IRCTC users. 

The post was published on 13 Oct 2020. The poster claims to have 1 million unique users’ data, in clear text format, relevant for the year 2019. 

 

The contents of the leak

The records contain ~1 million (939230) users’: 

  • Mobile number 
  • Date of Birth
  • Email
  • Gender
  • marital status
  • Name
  • City
  • State

Data verification and validation 

Using public sources we were able to verify the authenticity of the leaked data. 

Impact

  1. Threat actors can use the PII in the data dump to orchestrate phishing, spear phishing, vishing and smishing campaigns, and also online/ offline scams.
  2. This information can be used for identity theft, social engineering attacks, and higher impact attacks like compromise of personal finances and services.

Next Steps

Recommendations for the affected users

  1. Enable multi-factor authentication. 
  2. Don’t share OTPs with third-parties. While this is a rule of thumb, it is especially relevant in this case because threat actors already have phone numbers. So, the OTP is the only thing standing between threat actors and the victims’ accounts. 
  3. Review all online accounts and financial statements for suspicious activity. 
  4. Caution friends and family against threat actors impersonating you.

General Recommendations

  1. Use strong passwords.
  2. Enable multi-factor authentication for all your online accounts.
  3. Don’t share OTPs with third-parties. 
  4. Review online accounts and financial statements periodically. 
  5. Regularly update your apps and any other software you use.

Be informed in your Inbox

Sign up now to our Threat intelligence Newsletter and be the first to know about threats first in your inbox.

Join the Discussions

Discuss your way into our Community about these threats and stay Vigilant and informed.