Skip to content
Cyber Breaches
Search
Data breachResolved

Indian Railways data breach (2019)

In November 2019, the website for Indian Rail left more than 2M records exposed on an unprotected Firebase database instance. The exposed data included 583k unique email addresses alongside usernames and passwords stored in plain text.

Victim
Indian Railways
records
583.4K
SectorRetail
CountryIndia

Imported from Have I Been Pwned — pending editorial review and translation to French. The summary below is machine-extracted; consult the source for details.

In 2019-10-28, Indian Railways was affected by a data breach. Approximately 583,377 accounts were exposed. In November 2019, the website for Indian Rail left more than 2M records exposed on an unprotected Firebase database instance. The exposed data included 583k unique email addresses alongside usernames and passwords stored in plain text.

Sources

  1. haveibeenpwned.comhttps://haveibeenpwned.com/PwnedWebsites#IndianRailways
  2. indianrails.inhttps://indianrails.in

Related incidents

Data breachResolved

LBB data breach (2019)

In August 2022, customer data of the Indian shopping site "LBB" (Little Black Book) was posted to a popular hacking forum. The data contained over 3M records with 39k unique email addresses alongside IP and physical addresses, names and device information with the most recent data dating back to…

Victim
LBB
Records
39.3K
Data breachResolved

Elanic data breach (2018)

In January 2020, the Indian fashion marketplace Elanic had 2.8M records with 2.3M unique email addresses posted publicly to a popular hacking forum. Elanic confirmed that they had "verified the data and it was pulled from one of our test servers where this data was exposed publicly" and that the…

Victim
Elanic
Records
2.3M
Data breachResolved

Benchmark data breach (2019)

In November 2019, the Serbian technology news website Benchmark suffered a breach of its forum that exposed 93k customer records. The breach exposed IP and email addresses, usernames and passwords stored as salted MD5 hashes.

Victim
Benchmark
Records
93.3K
Data breachResolved

StarTribune data breach (2019)

In October 2019, the Minnesota-based news service StarTribune suffered a data breach which was subsequently sold on the dark web. The breach exposed over 2 million unique email addresses alongside names, usernames, physical addresses, dates of birth, genders and passwords stored as bcrypt hashes.

Victim
StarTribune
Records
2.2M