Travel booking site Cleartrip confirms data breach after hackers put data up for sale – TechCrunch


Cleartrip, one of the popular travel booking platforms in India, has confirmed a data breach after hackers claimed to post the stolen data on the dark web.

Responding to a TechCrunch request for comment based on a tip shared by a security researcher, Cleartrip said it was taking legal action against the hackers.

“We have identified a security anomaly in a few of our internal systems,” a spokesperson for Cleartrip told TechCrunch in a prepared statement. (The spokesperson did not provide his name.) “Our information security team is currently investigating the matter with a leading external forensic partner and taking appropriate action. Legal actions and appropriate remedies are being assessed and action taken as required by law.

The exact details of the data stolen – and whether the data is of a sensitive nature – are not immediately known.

security researcher Sunny Nehra notified TechCrunch of the data breach Monday morning. The researcher said the hackers were selling the data on a private invite-only forum on the dark web. However, the exact price at which the data went on sale was not mentioned in the post, the security researcher said.

Said message was taken down just hours after it was posted on the forum.

TechCrunch contacted Cleartrip after viewing a screenshot shared by Nehra, apparently indicating the data breach incident.

“By looking at the filenames in the screenshot that was posted by the threat actor, one can analyze the extent of the breach,” Nehra said.

He added saying that it looks like the hackers got all the data from Cleartrip.

“Besides the files apparently containing information on customers, earnings, etc., there are also files including ‘GST on advance work’ which raise many questions about the involvement of certain insiders,” Nehra said.

The files offered for sale by the hackers also included those from June, suggesting the data was stolen recently, the security researcher told TechCrunch.

Nehra also reported the incident to India’s CERT-In.

Cleartrip started inform users on the breach in an ambiguous tone, without revealing any details about the data the hackers accessed.

“We would like to assure you that apart from certain details that form part of your profile, no sensitive information relating to your Cleartrip account has been compromised as a result of this anomaly in our systems,” the company said in its statement. E-mail.

Cleartrip also advised users to reset their account password “as a precaution”, it said. “We regret the inconvenience caused,” the company said.

Founded in 2006, Cleartrip was acquired by Walmart-owned Flipkart in April last year. The company enables flight and hotel bookings through its web-accessible platform as well as native mobile apps.



Tech

Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.
Back to top button