Akasa Air, exposed the personal data of thousands of its customers because of a technical glitch that affected its login and sign-up service.
The exposed data, included full names, gender, email addresses and phone numbers of customers signing up and logging in on the Akasa Air website.
The researcher found an HTTP request disclosing the data minutes after looking at Akasa Air’s website on its inaugural day on August 7.
He had initially tried to communicate with the security team at the Mumbai-based airline directly but did not find a direct contact.
The airline also said the exposed data did not include travel-related information or payment records.
Additionally, the airline told TechCrunch that it carried additional reviews to ensure the security of all its systems.
“I am glad the airline fixed the issue on short notice and reported it to CERT-In as well as informed its customers about the incident, which is an exemplary step,” the researcher said.
SWIPE UP TO EXPLORE