New Delhi: The Indian Railways Catering and Tourism Corporation (IRCTC) is in the news again, this time reportedly for a glitch that allowed hackers to cancel passengers' booked train tickets.
According to a cyber-security enthusiast, the official website of IRCTC is vulnerable to hacking. He said that ‘innumerable attempts options to reset a password for the ticket bookers enables a cyber-criminal to use brute-force technique and crack open the consumers’ account and cancel the booked tickets’.
“IRCTC despite having Captcha, a protocol to differentiate a human from a computer-based cyber attack, is still vulnerable to hacking and cause inconvenience to the consumers. Thanks to innumerable attempts options to reset a password for the ticket bookers, a cyber-criminal can use brute-force technique to crack open their account and cancel the booked tickets,” Fossbytes quoted cyber-security enthusiast Ronnie T Baby as saying.
Notably, to book a train ticket through IRCTC, a user needs to enter a 6-digit One Time Password (OTP). But, as the website was corrupted due to a bug, cyber-criminals could easily reset the password with the help of a sophisticated algorithm and gain access to the user's personal account.
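The weakness described above is a reset flow that accepts unlimited guesses against a 6-digit code. The following is an added example, not IRCTC's code, of a server-side check that caps guesses per issued OTP; the class name `ResetOtpStore`, the 5-attempt cap and the 5-minute lifetime are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy: guesses allowed per issued OTP
OTP_TTL_SECONDS = 300   # assumed policy: OTP lifetime


class ResetOtpStore:
    """In-memory store of pending password-reset OTPs, keyed by account."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # account -> [otp_digest, expires_at, attempts_left]

    @staticmethod
    def _digest(otp):
        return hashlib.sha256(otp.encode()).digest()

    def issue(self, account):
        """Create a fresh 6-digit OTP, replacing any earlier one."""
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = [self._digest(otp),
                                  self._clock() + OTP_TTL_SECONDS,
                                  MAX_ATTEMPTS]
        return otp  # delivered out of band (SMS/e-mail), never to the requester

    def verify(self, account, guess):
        """Return True once for the right OTP; void the OTP after too many misses."""
        entry = self._pending.get(account)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() >= expires_at or attempts_left <= 0:
            del self._pending[account]
            return False
        entry[2] = attempts_left - 1          # count the attempt before comparing
        if hmac.compare_digest(digest, self._digest(guess)):
            del self._pending[account]        # single use
            return True
        if entry[2] == 0:
            del self._pending[account]        # cap reached: OTP is void
        return False


def guess_success_bound(attempts=MAX_ATTEMPTS, digits=6):
    """Upper bound on guessing one OTP correctly within the attempt cap."""
    return attempts / 10**digits
```

Issuance needs its own per-account rate limit as well, since requesting a new OTP resets the attempt counter.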
Meanwhile, the issue was discovered at an early stage by the IRCTC. If media reports are to be believed, the Indian Railways has taken appropriate steps to fix the glitch, thereby ensuring the safety of users' personal accounts on the official website of IRCTC.
This is not the first time that a bug has been discovered in the IRCTC website. Earlier, in August 2018, a security researcher named Avinash Jain came across a similar problem in the official website and mobile app of IRCTC. In 2016, details of over 1 crore users were allegedly leaked by cyber-criminals who had attacked the IRCTC website.