Recently there were rumours that the IRCTC website, which also India’s largest e-commerce website, was hacked and the hackers were able to access user information such as email id, phone number and even payment details. IRCTC vehemently denied the hacking news but a Bengaluru based IT startup called Fallible has confirmed that data leak from the IRCTC website is indeed possible and quite easy to hack. The cybersecurity company claimed that the data leak is possible through a vulnerability in IRCTC’s iOS app.
C0-founder of Fallible Abhishek Anand told in an interview with TOI, “Contrary to the claims made in media, there is indeed a data leak happening on the IRCTC website. The data includes phone numbers, email addresses, home addresses, date of birth, Aadhar for those users who gave it on IRCTC, password reset question and the secret answer.” Anand has already sent a mail to Suresh Prabhu, Indian Railways Minister, in this regard. So far no one has tested and confirmed if the hacking is actually possible like Fallible is claiming.
The IRCTC iOS app can be found here.