SpiceJet Breach Has Exposed Data of 1.2 Million Users: Report

The latest data breach episode was revealed by a security researcher, who was able to access user data with ease.

Tech News
2 min read
SpiceJet Breach Has Exposed Data of  1.2 Million Users: Report

The Quint DAILY

For impactful stories you just can’t miss

By subscribing you agree to our Privacy Policy

A data breach has hit one of India's largest privately-held carriers, SpiceJet, affecting 1.2 million passengers in the country.

Security researchers who first revealed the data breach told TechCrunch that they gained access to the carrier's systems by brute-forcing the system's easily guessable password.

The private information of more than 1.2 million passengers were contained on an unencrypted database backup file of SpiceJet's systems, according to the report.

The details that the security researchers got access to as part of what they described as their "ethical hacking" efforts included the passenger's name, their phone number, email address and their date of birth.


According to the security researchers, the database was easily accessible to everyone who knew where to look.

Despite alerting SpiceJet about the data base, the researchers said they did not receive a meaningful response from the carrier. This led them to alert the Indian Computer Emergency Response Team (CERT-In).

In a statement, SpiceJet said: "At SpiceJet, safety and security of our fliers' data is sacrosanct. Our systems are fully capable and always up to date to secure the fliers' data which is a continuous process. We undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level".

The aviation major, however, did not confirm CERT-In's findings.

This isn’t the first time when an Indian entity has not confirmed the allegations of a data breach at its end. Airtel’s mobile app in 2019 was reported to have a bug which had exposed data of over 1 million users.

The flaw was discovered in one of the Application Program Interfaces (APIs) of the Airtel mobile app, which is used by millions in the country, which has access to their email ID, the International Mobile Equipment Identity or IMEI number, name and confidential details like date of birth as well.

(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)

Read and Breaking News at the Quint, browse for more from tech-and-auto and tech-news

Speaking truth to power requires allies like you.
Become a Member

or more


3 months
12 months
12 months
Check Member Benefits
Read More
Stay Updated

Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.

Join over 120,000 subscribers!
More News