SpiceJet Database Breach Exposed Details of Over 1.2 Million Passengers: Report

The SpiceJet breach was by a security researcher who is not being named, as they likely violated US computer hacking laws.

Advertisement
By Abhinav Lal | Updated: 30 January 2020 22:45 IST
Highlights
  • SpiceJet confirmed the security lapse to TechCrunch
  • It's uncertain whether the exposed passenger data was leaked
  • SpiceJet said to fix the breach after being contacted by CERT-In

SpiceJet has provided a statement in response but has not confirmed the breach

Photo Credit: Facebook/ SpiceJet

SpiceJet was reportedly affected by a security flaw that exposed private details of more than 1.2 million passengers, including flight information. The information is said to have been found in an unencrypted database file after a security researcher gained access to a SpiceJet system by brute forcing the password. For now, details about the hack remain scarce, and the low-cost Indian airline has not revealed much in the boilerplate statement it provided in response to the report.

As reported by TechCrunch, the breach was by a security researcher who the publication is not naming, as they likely violated US computer hacking laws. The report elaborates to claim the researcher gained access to one of SpiceJet's systems by brute-forcing what's being termed as an "easily-guessable password." The system contained an unencrypted backup file with private details of over 1.2 million passengers, as of last month, including a rolling month's worth details such as name, phone number, email address, date of birth, and flight information.

Advertisement

The report adds the researcher had described their breach as "ethical hacking", and had contacted SpiceJet, but never received a "meaningful response" from the airline. It was only after the Ministry of Electronics and Information Technology's (MeitY) Indian Computer Emergency Response Team (CERT-In) was notified, independently confirmed the researcher's findings, and then alerted SpiceJet, that the breach was fixed.

Gadgets 360 reached out to SpiceJet spokesperson to comment on the security flaw. With the researcher themselves being reported to breach the system and gaining access to the database, the security lapse could perhaps be better termed as a vulnerability than a breach itself. It remains uncertain whether the data was leaked, or the 'ethical hackers' ensured that the database didn't get into the wrong hands, and responsibly saw that the issue was fixed.

We received a statement from a SpiceJet in response to our query, stating there had been no breach, "There was data breach in any of SpiceJet's servers. At SpiceJet, safety and security of our fliers' data is sacrosanct. Our systems are fully capable and always up to date to secure the fliers' data which is a continuous process. We undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level."

Editor's note: A previous version of this article stated that SpiceJet has confirmed to TechCrunch that the security lapse took place. The publication has since modified the article to remove all mentions of the confirmation, and we've made changes to reflect this upon clarification from SpiceJet.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: SpiceJet, Hack, CERT In, MeitY
Advertisement

Related Stories

Popular Mobile Brands
  1. Amazon Prime Day 2026: 55-inch Smart TV Deals from Lumio, Samsung and More
  2. Amazon Prime Day 2026: Best Deals on Fire TV Stick and Streaming Devices
  3. Amazon Prime Day 2026: Best Deals on Smartphones Under Rs. 15,000
  4. Best Camera Phones Under Rs. 30,000 for Content Creators in India
  5. Everything We Know About the Nothing Phone 4b
  1. Amazon Prime Day 2026 Laptop Deals: Best Discounts on HP, Asus, Lenovo, Dell, Acer Models
  2. Best Camera Phones Under Rs. 30,000 for Content Creators in India: Motorola Edge 70 Fusion, Galaxy F56, More
  3. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  4. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  5. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  6. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  7. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  8. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  9. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  10. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.