Exploit: Unsecured Database
RailYatri: Travel Facilitation Website
Risk to Small Business: 1.791 = Severe
Cybersecurity researchers discovered Elasticsearch server without password protection or encryption on August 10 containing 43GB of customer and corporate data before it was deleted by the infamous “Meow” attacker. An estimated 37 million records linked to around 700,000 unique users of the popular site and a mobile app had data exposed including users’ full name, age, gender, physical and email addresses, mobile phone numbers, booking details, GPS location and names/first and last four digits of payment cards.
Individual Risk: 2.227 = Severe
The data exposed in this breach could create an opportunity for identity theft, spear phishing attempts, or other social attack driven cybercrime. Users should reset their account password and stay alert for fraud attempts.
Customers Impacted: 700,000+
How it Could Affect Your Customers’ Business: Unsecured databases continue to be a problem, and with new cyberattacks like MeowBot that don’t just lock up data but delete it, guarding against intrusions like this is crucial to prevent unrecoverable data disasters.