Onetwotrip ticket booking system users’ data leak

24.08.2022

Back to news

According to the security researcher Bob Diachenko, OneTwoTrip ticket booking system users' data leaked to the internet.

The set contained the following data:

•    Email
•    Name
•    Passport details
•    Mobile phone numbers
•    Passwords
•    Trip details
•    Some details of payment.

According to the statement, Elasticsearch server, which contained data on company’s clients had been freely accessible for a few days on a specific web site. The exact amount of the data leaked is still unknown. It’s also unclear yet, if the data leaked was obtained and somehow processed.

OneTwoTrip CTO blamed recently introduced “change, that broke f/wall rules led to an open port”. The company representative also stated, that “no evidence of data leakage was found”.