India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information
Aug 30, 2022
Akasa Air, India's newest commercial airline, exposed the personal data belonging to its customers that the company blamed on a technical configuration error. According to security researcher Ashutosh Barot , the issue is rooted in the account registration process, leading to the exposure of details such as names, gender, email addresses, and phone numbers. The bug was identified on August 7, 2022, the same day the low-cost airline commenced its operations in the country. "I found an HTTP request which gave my name, email, phone number, gender, etc. in JSON format," Barot said in a write-up. "I immediately changed some parameters in [the] request and I was able to see other user's PII. It took around ~30 minutes to find this issue." Upon receiving the report, the company said it temporarily shut down parts of its system to incorporate additional security guardrails. It has also reported the incident to the Indian Computer Emergency Response Team (...
