1 million IRCTC users’ PII resurfaces on data sharing forum

CloudSEK Threat Intelligence has detected a data leak that contains sensitive information of 1 million IRCTC (Indian Railway Catering and Tourism Corporation) users.
Updated on
April 19, 2023
Published on
October 14, 2020
Read MINUTES
5
Subscribe to the latest industry news, threats and resources.
CloudSEK Threat Intelligence has detected a data leak that contains sensitive information of 1 million IRCTC (Indian Railway Catering and Tourism Corporation) users. The data was purportedly leaked in 2019. IRCTC manages online ticketing, catering, and tourism businesses of Indian Railways. With ~30 million registered users and 550,000 - 600,000 bookings per day, IRCTC is India’s leading travel platform. 

Discovery of the leak

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising the information of 1 million IRCTC users.  The post was published on 13 Oct 2020. The poster claims to have 1 million unique users’ data, in clear text format, relevant for the year 2019.   

The contents of the leak

The records contain ~1 million (939230) users’: 
  • Mobile number 
  • Date of Birth
  • Email
  • Gender
  • marital status
  • Name
  • City
  • State

Data verification and validation 

Using public sources we were able to verify the authenticity of the leaked data. 

Impact

  1. Threat actors can use the PII in the data dump to orchestrate phishing, spear phishing, vishing and smishing campaigns, and also online/ offline scams.
  2. This information can be used for identity theft, social engineering attacks, and higher impact attacks like compromise of personal finances and services.

Next Steps

Recommendations for the affected users

  1. Enable multi-factor authentication. 
  2. Don’t share OTPs with third-parties. While this is a rule of thumb, it is especially relevant in this case because threat actors already have phone numbers. So, the OTP is the only thing standing between threat actors and the victims’ accounts. 
  3. Review all online accounts and financial statements for suspicious activity. 
  4. Caution friends and family against threat actors impersonating you.

General Recommendations

  1. Use strong passwords.
  2. Enable multi-factor authentication for all your online accounts.
  3. Don’t share OTPs with third-parties. 
  4. Review online accounts and financial statements periodically. 
  5. Regularly update your apps and any other software you use.

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Dashboard mockup
Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.
Trusted by 400+ Top organisations