New Delhi: Millions of Indian Railway users' personal information appears to have been exposed online. According to rumours, a hacker has put the data up for sale on the dark web. Only a few days have passed since the All India Institute of Medical Science (AIIMS), India's premier medical institution, was alleged to have had a data breach. Here is what we currently know about the most recent data breach.


COMMERCIAL BREAK
SCROLL TO CONTINUE READING

We don't know if the data provided by the hacker is accurate because the government or the Indian Railways haven't verified anything about the data breach to date. Hackers allegedly acquired a large amount of user data, including email, mobile number, address, age, and gender, according to a report from Times Now. (Also Read: Twitter data breach: Hacker posted list of hacked data of 400 million users-- Check whether your data is leaked or not)


According to the hacker, the group also compromised the billing information and trip records of Indian Railway customers. Both user information and information about people's bookings are included in the stolen data. A buyer can only get five copies of the data for $400 per copy, according to the forum. According to a report by IndiaTimes, those who want exclusive access to the data will need to pay between $1,500 and $2000 for the data and vulnerability details. (Also Read: MIRACULOUS RETURN! Save Rs 150 daily to get Rs 20 lakh in 15 years in THIS Post Office Scheme, check calculator, policy terms)


According to reports, the data breach happened on December 27. On a hacker forum, information regarding the data leak was provided by a person whose true identity is still unknown. It was published by a user going by the fictitious moniker of "Shadow Hacker."


The same hacker group also asserts that they were successful in obtaining many individuals' official email addresses from government agencies. There is no information available at this time regarding how the hacker gang gained access to IRCTC data. Security companies have not yet verified the validity of the most recent data breach.