The target: SpiceJet, one of India’s largest privately owned airlines.
The take: Private information of more than 1.2 million passengers including: Full names, phone number, email address, date of birth and a month’s worth of flight information.
The attack vector: SpiceJet’s IT systems were cracked through a brute-force attack of an extremely weak password. Once the system was penetrated, an unencrypted database backup file was discovered containing the millions of readable records.
This breach highlights the importance of secure password practices which should be applied at all levels across a firm. In addition, wherever personally identifiable information is concerned, extra care is advised as their compromise can enable highly effective phishing campaigns and identity theft.