Onetwotrip ticket booking system users’ data leak

According to the security researcher Bob Diachenko, OneTwoTrip ticket booking system users' data leaked to the internet.

The set contained the following data:

•    Email
•    Name
•    Passport details
•    Mobile phone numbers
•    Passwords
•    Trip details
•    Some details of payment.

According to the statement, Elasticsearch server, which contained data on company’s clients had been freely accessible for a few days on a specific web site. The exact amount of the data leaked is still unknown. It’s also unclear yet, if the data leaked was obtained and somehow processed.

OneTwoTrip CTO blamed recently introduced “change, that broke f/wall rules led to an open port”. The company representative also stated, that “no evidence of data leakage was found”. 

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.