Cleartrip, a popular travel-booking platform in India, has confirmed a data breach after hackers claimed to post the stolen data on the dark web.
Cleartrip said it is taking legal action against the hackers after it received a tip.
Cleartrip identified a security flaw in a few of their internal systems. They didn't give their name. The information security team is investigating the matter with a leading external forensics partner. Appropriate legal action and recourse are being evaluated.
It's not clear if the data is sensitive or not.
The data breach was reported by a security researcher. The researcher said the data was being sold on a forum on the dark web. The price at which the data was put on sale was not mentioned in the post.
Hours after it was published, the post was taken down.
The data breach incident is said to have been caused by Nehra's screenshot.
Nehra said that one could analyze the scope of the breach by looking at the file names in the screenshot.
He said that it appeared that the hackers got all the Cleartrip data.
There are files with customer info, revenues, etc., which raises many questions about involvement of some insider.
According to a security researcher, the data from June was included in the files that were sold by the hackers.
Nehra reported the incident to India's CERT- In.
Cleartrip didn't reveal any information about which data was accessed by the hackers.
The company said in its email that no sensitive information has been compromised as a result of the anomalies in the systems.
Cleartrip advised users to change their passwords as a precautionary measure. The company apologized.
Walmart bought Cleartrip in April last year. It is possible to book flights and hotels through the company's platform that is accessible through the web and native mobile apps.
Flipkart to acquire online travel firm Cleartrip