[ Jan 08, 2019 ]
Researcher finds real-time GPS and bus route information from 27 Indian transportation agencies left exposed online via an ElasticSearch server.Over 11,000 buses in India have been left exposed on the internet for over three weeks.
The server contained data aggregated from 27 Indian state-owned transportation agencies and included exact, real-time GPS coordinates and route information from buses across all India, active on both inter and intra-city routes.
For buses, the server usually contained details such as license plates, start-stop stations, route names, and GPS coordinates.
The collected data was different for each transportation agency, and in some cases, it also included details about commuters, such as usernames and emails.
There are various reasons why this leak is quite worrisome. For starters, leaking usernames and emails would allow the tracking of certain individuals as they move around a city. Second, there’s also the annoyance of having the leaked emails added to spam lists. Third, India is still a country where terrorist attacks happen on an annual basis, and leaking bus real-time route information would certainly help threat actors fine-tune attack plans for maximum damage ahead of time.
Cyber Security Tips :
– To avoid such data breach Service providers should harden theirs servers. Apply all cyber security measures & Patches with latest updates.