| Developers: | Russian Railways (RR) |
| Branches: | Transport |
| Technology: | CRM - Loyalty systems |
2020: Date leak of 1.36 million participants of the program
In November, 2020 it became known of date leak of 1.36 million participants of the loyalty program "the Russian Railway the Bonus". It turned out that the staff of the company left the file with the database directly in the root directory, the founder of service of search of leaks and monitoring of the Darknet of DLBI Ashot Oganesyan reported.
According to him, the backup copy (backup) of a MySQL-dump with the database of the website Russian Railway Bonus about 2.4 GB in size (rzd-bonus.ru) for some unclear reason was laid out by the administrator in a website root. It turned out that at least several people managed to download it until as the website became unavailable. In addition in the same place were placed and available to preserving: the bash-script in which the way to a dump of the database was registered and was the login and a user password and also the private RSA key.
Ashot Oganesyan says that the database of clients of the Russian Railway was widely adopted on the Internet – it is in free access at many profile forums.
The press service of the Russian Railway said that the attempt of cracking of the Russian Railway Bonus system was detected, however access to personal data of users was succeeded to prevent the companies.
 | On November 6 the attempt of cracking of the loyalty program "the Russian Railway the Bonus" during which the malefactor managed to get access only to the office file containing in encrypted form of the e-mail address of users is recorded. The security system prevented access to personal data of participants. An incident does not threaten safety of personal data of users and also points on customer accounts — TASS with reference to the press service of the Russian Railway reports. |  |
The Russian Railway reported that after attempt of cracking protective measures were held, and the operability of the program managed to be recovered to evening of Saturday, November 7, 2020.[1]
Notes
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |