A 17-year-old boy named Ranganathan who hails from Chennai’s Tambaram has helped the Indian Railway Catering and Tourism Corporation fix a bug in its online ticketing platform. This bug could have exposed millions of passengers and their private information to a third party or hackers.
The boy said that there was an issue on the website which helped him to access the journey details of other passengers in the train.
The boy said that while he was logging into the IRCTC site for booking a ticket, he found out that he can gain access to the details of other people. This could have compromised the security features of the website and may have leaked data of thousands of passengers. This bug helped him to gain details which included name, age, gender, PNR number, train details, departure station, and date of journey etc.
He pointed out that as the back end code was the same, a hacker could have ordered food in the name of another passenger, changed the boarding station, and even cancelled the ticket without the knowledge of the passenger.
Railway authorities said that they reported the matter to the Computer Emergency Response Team and the problem was fixed in five days.