ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Indian Railways Data Breach

indianrails.in
Limited exposure
Verified breach Passwords exposed
Accounts exposed 583,377
Breach date 28 Oct 2019
Added to tracker 10 Jan 2020
Data classes 3

What happened

In November 2019, the website for Indian Rail left more than 2M records exposed on an unprotected Firebase database instance. The exposed data included 583k unique email addresses alongside usernames and passwords stored in plain text.

Exposed data

Email addresses Passwords Usernames

Recommended actions

  • Change your Indian Railways password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Indian Railways โ€” attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP