SpiceJet’s hacker who gained access to 1.2 million passenger record tried to warn the airline - but it fell on deaf ears

• The data breach includes names, phone numbers and more of over 1.2 million SpiceJet passengers.
  
• The security researcher calls their actions as “ethical hacking”, so it is likely that the data won’t fall into the wrong hands.
  
• SpiceJet initially did not offer a “meaningful response”, but fixed the breach after being notified by CERT-In.
  

SpiceJet has reportedly been affected by a data breach, exposing private information of more than 1.2 million passengers. A security researcher gained access to the information by brute-forcing the password to SpiceJet’s systems.

SpiceJet had left the information unencrypted in a database file, giving easy access to hackers.

According to the TechCrunch report, the researcher claims his actions as “ethical hacking”. While this suggests that the passenger data may not fall into the wrong hands, it does reveal multiple lapses in SpiceJet’s systems.

The data which was exposed includes names, phone numbers, email addresses, date of birth and flight information of passengers. Leaving the database unencrypted and using an easy password for its systems meant that it was only a matter of time before someone gained unauthorized access to this data.

The security researcher had contacted SpiceJet to notify them about the security issues, but the airline never gave a “meaningful response”. The researcher then reached out to the Indian Computer Emergency Response Team (CERT-In), who verified the researcher’s findings and notified SpiceJet. It was only then that the airline took the necessary measures to fix its systems.

“At SpiceJet, safety and security of our fliers' data is sacrosanct. Our systems are fully capable and always up to date to secure the fliers' data which is a continuous process. We undertake every possible measure to safeguard and protect this data and ensure that privacy is maintained at the highest and safest level,” SpiceJet said in a statement to TechCrunch.

The low-cost airline currently has a market share of 13.6%, with a majority of its 603 daily flights catering to domestic destinations. The company’s stock price is currently hovering at ₹96.35, just a shade above its 52-week low price of ₹92.25. In the second quarter of 2019, SpiceJet posted a loss of ₹463 crore despite an increase of 52% in its revenue.

In November last year, SpiceJet announced a codeshare agreement with Dubai-based Emirates, allowing customers to book SpiceJet flights via the Emirates website.

See also:

Biggest Data Breaches Of 2019

Airtel data breach exposes personal data of 32 crore subscribers