RailYatri.in, the Indian rail travel booking website, exposed 37 million user records in a 43GB database; exposed database deleted by the Meow Bot
We had reported on the famous Meow bot, which works as a sort of database sweeper and prowls the Internet looking for exposed databases. Upon finding misconfigured servers leaking user data, the Meow Bot simply deletes the database.
This is what happened to a very popular Indian travel booking website, Yatri.com. A security research team from SafetyDetectives discovered an Elasticsearch server hosting RailYatri.com without password protection or encryption on August 10. The team from SafetyDetectives, led by Anurag Sen, reached out to railyatri.in to patch the leaking server, but it did not respond. Since RailYatri.in operates with the Indian Railways, Sen contacted the Indian cyber protection watchdog, CERT (CERT-In), after which the leak was patched.
In the meantime, RailYatri.in exposed 37 million records linked to around 700,000 unique users of the popular site. The database contains user details from both the desktop website and the RailYatri Android smartphone app, which has been downloaded over 10 million times on Google Play.
According to Sen, the database exposed RailYatri.in users’ full names, age, gender, physical and email addresses, mobile phone numbers, booking details, GPS location, and the names and first and last four digits of payment cards.
“Exposed user information could potentially be used to conduct identity fraud across different platforms and other sites,” argued SafetyDetectives.
As soon as the RailYatri.in database was exposed, the Meow Bot struck on 12th August and deleted 42GB of the 43GB database, leaving only 1GB of the data.
However, the database could have exposed the 700,000 users and they could be victims of stalking, phishing, extortion, and even physical attack.
“RailYatri’s server recorded and stored users’ location information when booking their tickets, and also allowed users to track their journey progress with integrated GPS functionality. This information could be used by hackers to locate the nearest cell tower to the user, and potentially, the user’s actual location including current address,” SafetyDetectives says.
The Meow Bot acts like an online vigilante and is on a mission to delete exposed databases. It started by deleting the misconfigured database of 6 Hong Kong-based VPN servers and has continued its destruction campaign. While the Meow bot does a good Samaritan act from the user's point of view by deleting the database, companies lose their client lists and client information when the Meow bot strikes.