Flipkart’s Cleartrip suffers “massive” data breach
The Indian online travel company notified customers yesterday of the breach which seems to have taken place between April and May 2022
The Indian online travel company Cleartrip revealed it has been affected by a data breach, which one security researcher described as “massive”.
The company said there had been a security anomaly that entailed illegal and unauthorised access to a part of its internal systems, it told customers in an email sent yesterday.
Cleartrip assured customers that aside from some details which are part of their profile, no sensitive information belonging to their account had been compromised as a result of the anomaly of its systems. The travel company said that customers could choose to reset their passwords as a precautionary measure.
“As per our protocols, we have immediately intimated the relevant cyber authorities and are taking appropriate legal action and recourse to ensure necessary steps are being taken as per the law,” the company stated in the email.
However, security researcher Sunny Nehra said that the company seems to have suffered a massive data breach. Nehra found that the threat actor posted a screenshot of the stolen data on a private forum to sell the data.
Nehra added that the breach is new and includes customer entries as well as internal company files. There are several files, including “B2C Customer Entries” and “09_India_hotel_sale”. The screenshot also appears to show that the hack may have taken place between April and May 2022.
“We have identified a security anomaly in a few of our internal systems,” a Cleartrip spokesperson told IT Pro. “Our information security team is currently investigating the matter along with a leading external forensics partner and is taking the necessary action. Appropriate legal action and recourse are being evaluated and steps are being taken as per the law.”
Cleartrip is a global online travel company headquartered in Mumbai which operates in India and the Middle East. It has offices in India, the UAE, Saudi Arabia, and Egypt. In April 2021, it was acquired by the Indian e-commerce giant Flipkart, which claims to have over 100 million registered users.
It’s not the only Indian company to be targeted by attackers recently, as a flood monitoring system in Goa was hit with ransomware last week. Cyber attackers demanded Bitcoin in return for decrypting the data after striking the Water Resource Department’s flood monitoring system with a ransomware attack on 21 June.
The state of Salesforce: Future of business
Three articles that look forward into the changing state of Salesforce and the future of businessFree Download
The mighty struggle to migrate SAP to the cloud may be over
A simplified and unified approach to delivering Enterprise Transformation in the cloudFree Download
The business value of the transformative mainframe
Modernising on the mainframeFree Download
The Total Economic Impact™ Of IBM FlashSystem
Cost savings and business benefits enabled by FlashSystemFree Download