In Malaysia, we have several online portals that manage online bookings for bus transportation. Some of these portals also integrate these with bookings for trains and hotels.
For owners of these portals, we wish to highlight a news report from India: due to a vulnerability on its website, hackers have been accessing the Uttar Pradesh State Road Transport Corporation (UPSRTC) for years, reaching millions of customer records including names, mobile numbers, addresses, dates of birth, personally identifiable information (PII), partial debit and credit card numbers, and transaction and booking details.
UPSRTC currently manages bookings for the largest fleet of buses in North India.
The hackers apparently used SQL injection in a URL parameter, which let them easily access the complete database and all its information.
The same could happen to the portals in Malaysia, as these portals hold the details of thousands or millions of passengers.
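To illustrate the SQL injection in a URL parameter mentioned above, the following added example (not from the news report or any portal's code) contrasts a booking lookup that concatenates the parameter into the query with one that binds it as data. The `bookings` table, the `BK` reference format and all function names are assumptions, and the rows are constructed sample data.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for a portal's booking table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bookings (ref TEXT PRIMARY KEY, name TEXT, mobile TEXT)")
    db.executemany("INSERT INTO bookings VALUES (?, ?, ?)", [
        ("BK1001", "Passenger A", "000-0000001"),
        ("BK1002", "Passenger B", "000-0000002"),
        ("BK1003", "Passenger C", "000-0000003"),
    ])
    return db

def lookup_vulnerable(db, ref):
    # Weak: the URL parameter becomes part of the SQL text, so the database
    # parses whatever the client sent as SQL syntax.
    sql = "SELECT ref, name, mobile FROM bookings WHERE ref = '" + ref + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, ref):
    # Fixed: the value is bound to a placeholder and is only ever compared
    # against the ref column, never parsed as SQL.
    sql = "SELECT ref, name, mobile FROM bookings WHERE ref = ?"
    return db.execute(sql, (ref,)).fetchall()

# Assumed reference format: "BK" followed by four digits.
REF_FORMAT = re.compile(r"BK[0-9]{4}")

def lookup_safe(db, ref):
    # Defence in depth: reject values that do not look like a booking
    # reference before touching the database, then bind the value.
    if not REF_FORMAT.fullmatch(ref):
        return []
    return lookup_parameterized(db, ref)

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed value that changes the WHERE clause
    for fn in (lookup_vulnerable, lookup_parameterized, lookup_safe):
        print(fn.__name__, "normal:", len(fn(db, "BK1002")),
              "crafted:", len(fn(db, crafted)))
```

With the concatenated query the crafted value returns every row in the table, while the bound and validated lookups return none.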