Cleartrip, one of the popular travel-booking platforms in India, has confirmed a data breach after hackers claimed to have posted the stolen data on the dark web.
Responding to a request for comment by TC based on a tip shared by a security researcher, Cleartrip said it is taking legal action against the hackers.
“We have identified a security anomaly in a few of our internal systems,” a Cleartrip spokesperson told TC in a prepared statement. (The spokesperson did not provide their name.) “Our information security team is currently investigating the matter along with a leading external forensics partner and is taking the necessary action. Appropriate legal action and recourse are being evaluated and steps are being taken as per the law.”
Exact details of the stolen data — and whether the data is of a sensitive nature — are not immediately known.
Security researcher Sunny Nehra informed TC about the data breach on Monday morning. The researcher said the hackers were selling the data on a private, invite-only forum on the dark web. However, the exact price at which the data was put on sale was not mentioned in the post, the security researcher said.
The post was pulled just hours after it was published on the forum.
TC contacted Cleartrip after looking at a screenshot shared by Nehra, apparently indicating the data breach incident.
“Looking at the file names in the screenshot that was posted by the threat actor, one can analyze the scope of the breach,” Nehra said.
He added that it appeared the hackers had obtained all Cleartrip data.
“Apart from files seemingly having customer info, revenues, etc., there are also files including ‘GST on advance working’ which raise many questions about involvement of some insider,” Nehra said.
The files put on sale by the hackers also included ones from June, suggesting that the data was stolen recently, the security researcher told TC.
Nehra also reported the incident to India’s CERT-In.
Cleartrip started informing users about the breach in an ambiguous tone, without revealing any specifics on which data was accessed by the hackers.
“We would like to assure you that aside from some details which are a part of your profile, no sensitive information pertaining to your Cleartrip account has been compromised as a result of this anomaly of our systems,” the company said in its email.
Cleartrip also advised users to reset their account password “as a precautionary measure.” “We regret the inconvenience caused,” the company said.
Founded back in 2006, Cleartrip was acquired by Walmart-owned Flipkart in April last year. The company enables bookings of flights and hotels through its platform that is accessible through the Web as well as native mobile apps.