On 16th Oct, I read on web somewhere that, India's very popular bus and hotel booking site RedBus.in's database has been hacked. As I also uses RedBus service regularly, for the sake of curiosity, I dig out more whether this news is correct or fake, I took a peek on account hacks/breach whistle blowing site hacked-emails.com and verified it with my own mail ID.
And, that was correct. The breached data statistics is there. It says that, breach was done on 9th Oct and it got listed on site on 15th Oct. More than 13.72GB of user data including customer email IDs.
- Breach Statistics -
As, all these were unofficial news and RedBus had not declared the breach officially, I didn't took this news much serious. But, today morning, I got the mail from RedBus stating they found unauthorized access to site's databases and cleared that the customer's mail IDs may have been compromised.
- RedBus's official statement -
However, this breach is not a big issue as RedBus always stores hashed passwords rather than plain text passwords. Also, they never stores customer's transnational credentials such as credit/debit card details. That's what I liked very much about RedBus.
Now, just for security purpose, I am going to change my RedBus account password (...though, it is not absolutely required). Now, go fast and change your password also. Also, say thanks to RedBus giving very simple and sweet booking service and not to storing your any of your confidential data.