• Welcome to Tamil Brahmins forums.

    You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our Free Brahmin Community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

    If you have any problems with the registration process or your account login, please contact contact us.

IRCTC website hacked, info of lakhs feared stolen

Status
Not open for further replies.

Lalit

Active member
[h=1]IRCTC website hacked, info of lakhs feared stolen[/h]Manthank MehtaPersonal data of around 1 crore customers is feared to have been stolen from the server of the e-ticketing portal Indian Railway Catering and Tourism Corporation (IRCTC), thus raising fears of safety and security.
| TNN | May 5, 2016, 04.39 AM IST

UMBAI: Personal data of around 1 crore customers is feared to have been stolen from the server of the e-ticketing portal Indian Railway Catering and Tourism Corporation (IRCTC), thus raising fears of safety and security.

[h=2]Top Comment[/h]Shame on us as we claim as the world leaders in IT..!!nan ksn




IRCTC is India's largest e-commerce website, lakhs of transactions are conducted every day. Customers provide details like Pan Card numbers while filling up online reservation forms. A senior railway official said, "Somebody can create forged documents on the basis of the stolen data."



An IRCTC source said, "The data is a valuable asset and can be sold to corporations who may use it for targeting potential consumers." IRCTC officials say the Maharashtra government has been alerted. The state's additional chief secretary (home), KP Bakshi, confirmed to TOI that the state police had alerted the railways, but refused to give any more details.

http://timesofindia.indiatimes.com/...te-hacked-information-of-lakhs-feared-stolen/
 
Software vendors to Railways, would not care to do anything as their bills /dues / claims may usually be paid that too after protracted delay and "discount".
 

navy-eswaran

Active member
The only thing we could do is to change the pass word of our ATM / net -banking, email etc.
If we do it immediately nothing could happen to us.
why keep debit card number pin etc in irctc? i always type for each transaction and with two stage verification by visa/master it is difficult to pay through net. especially PSU banks follow 3 stage verification.
retyping for every transaction takes only a few minutes and is not a tiresome activity.
Further IRCTC has clarified that nothing happened.
finally GOI goes for lowest quote for shortlisting vendors. so ... ( i don't want to add any thing)
 
I think too much is being made of hacking of some details.

I have been using credit cards with multiple verification .

I have never faced any issues.

But the site is pretty slow with heavy traffic.

Most trains on trunk lines are over booked .

Best book at odd hours with low IT traffic well in advance with credit cards with multiple authentification..

If some one still steals our data, he might regret it later. Who wants and pays for data of senior citizen who are paupers?
 
I think too much is being made of hacking of some details.

I have been using credit cards with multiple verification .

I have never faced any issues.

But the site is pretty slow with heavy traffic.

Most trains on trunk lines are over booked .

Best book at odd hours with low IT traffic well in advance with credit cards with multiple authentification..

If some one still steals our data, he might regret it later. Who wants and pays for data of senior citizen who are paupers?


Krishji,

In case your credit card details are stored then it may lead to compromise..Fraudsters would use the stored information for online purchases mainly electronic goods, jewellery etc which help them earn fast bucks by selling those items
 
vganeji
Living in india itself is a risky proposition.

One can do a risk analysis and take a call.

It is best to use a credit card with low authorised limit.

so one knows what is the worst option.
 
OP
OP
L

Lalit

Active member
[h=1]Website not hacked, user data safe, confirms IRCTC[/h]Debashis SarkarThe hacking speculations started after Maharashtra Cyber Cell was reportedly informed about a CD containing phone numbers, date of birth and other such information of IRCTC users being sold for Rs 15,000 in the market.
| TOI Tech | May 5, 2016, 02.16 PM IST

EW DELHI: Indian Railway Catering and Tourism Corporation (IRCTC) has denied reports claiming that the e-ticketing portal of Indian Railways has been hacked. "We deny all reports claiming that IRCTC website was hacked. It is running perfectly fine," IRCTC PRO Sandip Dutta told TOI Tech.

[UPDATE: No "Denial of Service attack" (DoS/DDoS) has been successful and the E-ticketing website has been working normally thereby eliminating any chances of unauthorized interference. Till now, leakage of data through none of the service providers of IRCTC has been established, according to IRCTC.]

The hacking speculations started after Maharashtra Cyber Cell was reportedly informed about a CD containing phone numbers, date of birth and other such information of IRCTC users being sold for Rs 15,000 in the market.

This raised fears about data of lakhs of IRCTC users being compromised.

Most of the time when you get ‘no room’ on the IRCTC website while trying to book train tickets, it’s not due to the massive rush but software which hack the site to make tickets available online.



"We have requested the state's Cyber Cell to provide us the data. Once we get the data, only then we can verify whether the data belongs to IRCTC or not," said Dutta.

Dutta added, "The data can also belong to someone else and may be it is being sold in the market in the name of IRCTC to malign us."

The IRCTC website is maintained by Centre for Railway Information Systems, which is a part of the Ministry of Railways.

There are also media reports claiming that Maharashtra government has identified the hackers who were selling these details.


Though it takes at least 35 seconds to fill the form and perform the online bank transaction, there were cases of faster bookings by touts using certain automated software and thereby depriving genuine passengers. This measure will ensure such unauthorized means of booking tickers.



Earlier, AK Manocha, managing director of IRCTC, told Mumbai Mirror that though there has been no official complaint regarding data hacking he has written to Delhi police's Cyber Cell to look into the matter.

IRCTC is India's largest e-commerce website. Lakhs of transactions take place daily on the website. Customers share details like PAN card, DoB, etc on it ile booking tickets.

Here is the official statement from IRCTC:


The News Reports have appeared in some Electronic and Print media regarding alleged leakage of email and mobile numbers from user profile data of IRCTC E-ticketing system. Indian Railway Catering and Tourism corporation (IRCTC) is a PSU of Indian Railways. Its website irctc.co.in is used for purchasing Railway E-Tickets-ticketing system is managed in-house by CRIS, the IT arm of Indian Railways. The Data centre is in the premises of CRIS. As soon as the matter came to notice of Railways on 02/05/2016, thorough investigations were conducted to detect veracity of the news, however, no such incident has been detected by the technical teams of Centre for Railway Information Systems (CRIS) and Indian Railway Catering and Tourism Corporation (IRCTC).

No "Denial of Service attack" (DoS/DDoS) has been successful and the E-ticketing website has been working normally thereby eliminating any chances of unauthorized interference. About 5.48 lakh tickets were booked in a single day in April 2016 with 2.66 lakh peak concurrent users. About 13,600 tickets per minute were booked.
The E-ticketing system has several components viz., internet gateway, network security devices such as gateway router and Firewall, Application Delivery Controller, Security Information Event Management System (SIEM) web server and database server access logs. Each of the components has been checked and none of the components has been found to have unusual activity. Technical investigations have also not indicated any unusual activity with respect to various system components.
The IT security of E-ticketing system is ensured through regular security audits by Standardization Testing Quality Certification (STQC) directorate of Department of Electronics and IT, Government of India. The entire traffic flowing on E-ticketing system internet gateway is also forwarded to CERT-In in real-time for monitoring and alerting. The gaps reported by STQC in their penetration testing have been addressed. However, auditing is an ongoing process and security audit of E-ticketing system is undertaken biannually.

Audit trails are maintained for access to the system and all sensitive data like passwords etc are stored in encrypted form. In addition to this, 24x7 monitoring of the system is done throughout the year by technical team of experts. Strict physical checks are already in place in the Data centre like restricted access to Data centre, CCTV cameras at entry and exit points of Data centre.

The data of E-ticketing system can be broadly categorized into two categories viz., sensitive information like Debit/Credit Card details, Login ID, Passwords, which could cause potential financial risk. PAN card detail is not required for booking E-ticket. No sensitive data has been alleged to have been leaked.



It is clarified that other data like mobile number and email ids is available with a large number of electronic service providing entities viz., E-commerce firms, telemarketers etc. Email and mobile numbers have to be shared with service providers for providing catering services, cab services, hotel bookings, SMS services, etc. Till now, leakage of data through none of the service providers of IRCTC has been established.[h=2]Top Comment[/h]This is the Koo Karma of the GooJoo Mafia .. .. irctc is telling all lies .... they have "Sold" the data and also the same has happened with Aadhaar ... as there are Riots to be carried out... Read MoreThis is the Koo Karma of the GooJoo Mafia .. .. irctc is telling all lies .... they have "Sold" the data and also the same has happened with Aadhaar ... as there are Riots to be carried out .... and targets to be be "Marked" ..... the same happened during Jhat Agitation and also the Patidar agitation ... if the same was reported of Amazon or Flipkart , their Officials would have been jailed and On Line Shopping would also be banned ... So .. this is a COnspiracy also against "On LIne Shopping" Websites by this GooJoo Mafia ....GooJoo Mafia Strikes Again





A joint committee comprising of officers from both CRIS and IRCTC has been set up. The committee in their preliminary report has not found any indication of breach of security in any of the databases of the E‑ticketing system. Further investigations by this committee is in progress and once the purported leaked data is made available, further checks will be conducted.
http://timesofindia.indiatimes.com/...ite-hack-says-is-verifying-data-theft-claims/
 
why keep debit card number pin etc in irctc? i always type for each transaction and with two stage verification by visa/master it is difficult to pay through net. especially PSU banks follow 3 stage verification.
retyping for every transaction takes only a few minutes and is not a tiresome activity.
Further IRCTC has clarified that nothing happened.
finally GOI goes for lowest quote for shortlisting vendors. so ... ( i don't want to add any thing)

That too with discount.
 
Status
Not open for further replies.
Top
Thank you for visiting TamilBrahmins.com

You seem to have an Ad Blocker on.

We depend on advertising to keep our content free for you. Please consider whitelisting us in your ad blocker so that we can continue to provide the content you have come here to enjoy.

Alternatively, consider upgrading your account to enjoy an ad-free experience along with numerous other benefits. To upgrade your account, please visit the account upgrades page

You can also donate financially if you can. Please Click Here on how you can do that.

I've Disabled AdBlock    No Thanks