Real-time location data for over 11,000 Indian buses left exposed online

[ Jan 08, 2019 ]

Researcher finds real-time GPS and bus route information from 27 Indian transportation agencies left exposed online via an ElasticSearch server.Over 11,000 buses in India have been left exposed on the internet for over three weeks.
The server contained data aggregated from 27 Indian state-owned transportation agencies and included exact, real-time GPS coordinates and route information from buses across all India, active on both inter and intra-city routes.
For buses, the server usually contained details such as license plates, start-stop stations, route names, and GPS coordinates.
The collected data was different for each transportation agency, and in some cases, it also included details about commuters, such as usernames and emails.
There are various reasons why this leak is quite worrisome. For starters, leaking usernames and emails would allow the tracking of certain individuals as they move around a city. Second, there’s also the annoyance of having the leaked emails added to spam lists. Third, India is still a country where terrorist attacks happen on an annual basis, and leaking bus real-time route information would certainly help threat actors fine-tune attack plans for maximum damage ahead of time.

Cyber Security Tips :
– To avoid such data breach Service providers should harden theirs servers. Apply all cyber security measures & Patches with latest updates.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

Up ↑

%d bloggers like this: