India’s newest airline company, Akasa Air, has warned its users about unauthorised access to their systems. The Rakesh Jhunjhunwala-backed airline based in Mumbai, India, is the latest addition to the country’s aviation industry.
The company set its scheduled operation last July, but it officially started deploying aircraft earlier this month (August 7). Unfortunately, the new aviation firm has encountered turbulence in its online operation despite being only a nearly month-old company.
Our researchers from iZOOlogic noticed that Akasa Air updated its users and the Indian CERT-In team about a temporary “technical configuration error” related to their login and sign-up service that occurred in its network last weekend.
One of our threat analysts discovered that Akasa Air self-notified the Indian Computer Response Team about the data breach attack after a technical configuration mistake happened in their login and sign-up services. The unauthorised access got ahold of user information limited to names, email addresses, phone numbers, and gender.
The company revealed that the data breach has not resulted in acquiring essential information such as travel-related data, travel records, or payment transactions/information.
Our researchers have yet to find proof of information misuse or data leak from other sources. However, we still advise users to be cautious about potential phishing threats since the attackers compromised phone numbers and emails.
Akasa Air also added that the cybersecurity breach was executed without the intention of hacking since it was quickly discovered and lacked sophistication. It also emphasised that it wanted to be as transparent as possible to its customers, which is why they are revealing this issue to the public.
The new Indian airline also said they would employ a more robust cybersecurity solution to aid them with their operations. A company spokesperson then elaborated that they would continue to engage with cybersecurity experts, researchers, and partners to strengthen its defences against similar cases in the future.
Akasa Air assured everyone that they are conducting an extensive protocol to minimise the damage of such threats.
Our cybersecurity researchers are looking for potential data misuse and the possible effects of the data breach incident against Akasa Air.