A security researcher, describing themselves as an ‘ethical hacker’, has managed to gain access to the details of more than a million SpiceJet passengers.
The unidentified hacker told TechCrunch that they managed to access one of the Indian airline’s systems by “brute-forcing” its easily-guessable password.
They found on the system an unencrypted database backup file containing private information of around 1.2 million passengers.
Data on the passengers, which reportedly included some state officials, included details such as names, phone numbers, email addresses and date of birth.
SpiceJet has since taken steps to protect the database after the researcher alerted the airline.
But the report claims that the carrier only took action after India’s government cybersecurity agency CERT-In alerted it.
A SpiceJet spokesperson told TechCrunch: “At SpiceJet, safety and security of our fliers’ data is sacrosanct. Our systems are fully capable and always up to date to secure the fliers’ data which is a continuous process.
“We undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level.”
SpiceJet is one of India’s dominant airlines and carriers around 12 million people each month. Last year it announced plans to begin operating from a new hub in the Middle East.