Hacker Orders Food For A Low Price From IRCTC Website Then Informs Them Of The Flaw

A hacker from Ahmedabad managed to hack into the Indian Railway Catering and Tourism Corporation (IRCTC) website and order food for a very low price and then informed the corporation of the flaw says a report by the Ahmedabad Mirror. The report further says that the hacker had hacked the website using basic skills and yet no action was taken by the IRCTC.

Hacking For Food

The report by Ahmedabad Mirror further talks about how the hacker had informed the IRCTC officials that two other websites of theirs can be easily hacked into and one of them, the e-catering site is the only one which has been secured so far. The hacker Kanishk Sanjani has hacked into the Air India website before this and gained global attention and this time he ordered food for a surprisingly low amount from the IRCTC website.

Hacker Orders Food For A Low Price From IRCTC Website Then Informs Them Of The Flaw

“My first order was kadhai chicken worth Rs 163 for which I paid Rs 1.03 from Mobikwik wallet. Then, I placed a second order of butter naan worth Rs 68 for which I paid Rs 6.12 through Paytm,” Sanjani told Ahmedabad Mirror. “I was waiting for IRCTC to take corrective action so that the flaw could not be misused. They repaired the breach on February 3, 2018,” he added.

Sanjani clarified why he used two different payment methods by saying, “If I had only done it through one, officials could have said the problem was just with the mode of payment. However, I had to prove that the website itself was vulnerable to attacks. If I can do it just to show the officials that it can be done, anyone with basic skills can also do it. Who knows if they haven’t been doing it till the flaw was rectified?”