Hitachi's UK plant looks to the world market
Sliding seats could enable passenger trains to carry goods
A1 No 60163 Tornado does 100mph
Rail Alliance drives Midlands Engine
GB Railfreight to implement Ideagen safety software
UAV survey company Bridgeway Aerial takes off
Fire at Euston Station causes nationwide rail disruption
DB Cargo UK confirms job cuts and reform
Subsea cable fault detection demonstrated to rail industry
HS2 rolling stock procurement moves forward
UK-based Network Rail has confirmed that the personal details of commuters using free Wi-Fi at railway stations were exposed online.
According to the BBC, the exposed data includes email addresses and travel histories of around 10,000 people. Internet service provider C3UK has also admitted the leak.
Affected stations include Harlow Mill, Chelmsford, Burnham, Norwich and London Bridge among others.
The confirmation comes after security researcher Jeremiah Fowler found the database containing traveller data on unsecured Amazon web services storage.
The database contained 146 million records and was not password protected. It also included details about the type of software used by connected devices.
Subsequently, C3UK secured the exposed database.
The internet service provider was quoted as saying: “To the best of our knowledge, this database was only accessed by ourselves and the security firm and no information was made publicly available.”
According to the BBC report, C3UK chose not to inform data regulator Information Commissioner’s Office (ICO) after learning about the leak, as it identified the incident as a ‘low-risk potential vulnerability’.
However, experts believe that the exposed travellers can become a victim of phishing attacks, malware attacks and spamming.
CybSafe CEO Oz Alashe said: “C3UK is just the latest in a long line of organisations that have suffered a data leak as a result of incorrect database configurations.
“In the case of C3UK, the compromised information appears to be limited to email addresses and travel details only.
“Nevertheless, such information could still be leveraged for phishing attacks and targeted spear-phishing attacks.”
The post Network Rail admits online exposure of Wi-Fi user data appeared first on Railway Technology.
This article first appeared on www.railway-technology.com
About this website
Railpage version 3.10.0.0037
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest is © 2003-2021 Interactive Omnimedia Pty Ltd.
You can syndicate our news using one of the RSS feeds.