Updated at October 18, 2016:
redBus confirms hack but says only a server containing logs were compromised. No user passwords or other personal details were leaked.
“Please note that redBus is committed to providing the best security for all user information on our platforms. All passwords are hashed and stored securely and our users can be rest assured that we don’t store payment details on our systems at all.
We are working with the ethical hacking community to investigate this further. We will update as soon as we have more information.” commented Phaneesh, redBus.
Updated at October 23, 2016:
“redBus websites and mobile applications have been absolutely secure and running without any interruption whatsoever.” said Prakash Sangam, CEO of redBus to Factor Daily.
Our original story from Sunday, October 23, 2016, follows:
Time to change your password. India’s popular travel site for bus tickets redBus.in allegedly got hacked during September 2016. Users personal information including email ID ’s and other details being dumped on to the underground market ‘Darknet‘.
The redBus hack was first reported in Reddit [reddit.com/india]. The hack seems to happen on 9th September 2016 and database dump been spotted on 15th September 2016. Around 13.72 GB of data has been dumped onto the darknet. The hacked database includes around 673,491,695 lines of text comprising around 4,116,187 email IDs of redBus users.
redBus seems to be unaware of this database breach, as there was no warning from the company till now. Their Twitter support recently tweeted to a user question about the hack saying their tech team is looking into the issue on priority.
At this point, there seems to be less clarity on what all type of user data has been compromised during the breach. If you want to check your email IDs been compromised or not, head over to hacked emails [hacked-emails.com/anon-redbusinlogs] and input your email IDs.
We will update this post as new reports come in…