RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2

OneTwoTrip

Company

width=200px

Content

History

2022: User Data Leak

Travel planning service OneTwoTrip has confirmed the existence of a vulnerability that caused a data leak. The company also announced on August 24, 2022 that the fault had been fixed.

On August 2, 2022, information security researcher Bob Dyachenko wrote about the open OneTwoTrip database in his Twitter blog. According to the expert, information about e-mail, names, passports, phones, payment information, travel and passwords was in the public domain.

OneTwoTrip confirms hole that caused data breach

For several days, it is alleged that an elasticsearch server with information about the company's clients was freely available. The exact number of leaked data is unknown, usually part of the data that was processed on these dates falls into such indices. It is currently unknown whether the leaked information was downloaded and processed.

According to Dyachenko, the CTO of OneTwoTrip attributed this to "a change made a few days ago that violated firewall rules and provoked the opening of the port."

File:Aquote1.png
At the moment, we record that there is no leakage of personal data of OneTwoTrip customers. There was a vulnerability, we fixed it. The database with client data was not vulnerable. The vulnerability concerned data on the activity of some users of the service in a short period of time. Among the vulnerable data were not those that are necessary for entering the personal account and customer card data, the company said in a statement quoted by RIA Novosti on August 24, 2022.
File:Aquote2.png

The service added that nothing threatens the personal data of customers. Representatives of OneTwoTrip did not disclose the number of users whose data was compromised.[1]

Notes

Шаблон:Remarks