Redbus hacked or not, it is high time to discuss data breach disclosures

Jayadevan PK October 18, 2016 2 min

An anonymous online group has claimed that it has hacked India’s largest online bus ticketing website redBus.

The company, which has over 70% marketshare in online bus ticketing, is yet to confirm or deny the hack.

After it became a raging debate on reddit, and a user asked redBus, the company put out a Tweet denying the hack. It was then hastily deleted.

We don’t know what exactly the first Tweet said but in a subsequent reply, redBus said: “Sorry, we were a bit hasty in our earlier response. Our tech team is looking into this issue on priority.”

It still hasn’t issued a statement warning users of the consequences of such a hack. A reddit user, who claimed to be from redBus’ engineering team posted on the thread that the company is working with “the ethical hacking community” to investigate the hack.

We’ve written to redBus for a statement and will update this post when we hear from them.

There have been a series of high profile hacks in the recent past, including that of LinkedIn, Yahoo, MySpace and Dropbox. While some companies try to hush it up, some are more proactive with disclosures. Unlike the United States and in Europe, India doesn’t have any laws that require companies to disclose security or data breaches, putting users in more danger.

Meanwhile, you can check if your e-mail has been compromised on this site (Note: It isn’t up to date with the redBus hack).

Update (10.15 am, IST): We just heard back from redBus. Prakash Sangam, CEO of redBus said: “redBus websites and mobile applications have been absolutely secure and running without any interruption whatsoever.”

The company said it is aware of a potential data breach that may have compromised some of its user emails. Sangam said that the company is investigating the breach and pointed out that user passwords are hashed and stored securely. “We don’t store payment details on our systems at all,” Sangam told FactorDaily.