Four million email ids leaked? RedBus to look into hacking claims

Online travel giant ibibo Group owned ticketing platform RedBus was allegedly hacked last month resulting in user information such as email ids and passwords being dumped onto the darkweb.

Based on a conversation on online community Reddit, over four million email ids have been leaked, but the company hadn’t issued any notification to users to reset their passwords. RedBus was informed of the hack only on Monday when a user posted the Reddit thread on Twitter questioning the company.

“Yesterday, we were made aware via a Reddit forum that there could be a potential data breach that may have compromised some of our user email ids. We are investigating this at the moment,” said Prakash Sangam, Chief Executive of RedBus, in an email response.

He added that the company stored sensitive information such as passwords securely and that payment details were not stored on RedBus’ systems. Technology and gadget magazine Digit reported about the hack first on October 17.

A person on the Reddit thread claiming to be an engineer at RedBus said that the company was working with ethical hackers to ascertain if there was a data breach. The company said that it was looking into the issue and that its “top priority” is to figure out if its systems had been hacked and would alert on further developments by Tuesday evening.

Indian technology companies are increasingly becoming the targets of cyber attacks with music streaming site, food-tech startup InnerChef becoming victims of data leaks in recent past. Vulnerabilities have also been found in systems of Ola and Zomato which were exposed by ethical hackers who have alerted companies.

In 2015, ethical hacker Shubham Paramhans who hacked Ola claimed that the company responded rudely when he reached out to them. He went on to write a post on Medium about his conquest which gained significant prominence in the media. Following this, Ola formally announced its bug bounty programme that would reward people for finding vulnerabilities in its service.

All large global technology companies have bug bounty programs with Google and Facebook being among the largest. Indian tech firms too are following in their footsteps these days, tapping into communities of ethical hackers in order to avoid data breaches.


Leave a Reply