A Glitch in an Indian Railway Website allowed unlimited login attempts

2019, Breaches, February

Who: Indian Railways Catering & Tourism Corporation (IRCTC)

When did it happen: February 24, 2019

What was affected: OTP – One TIme Password. Bookings of customers

How it happened: A glitch in IRCTC’s website allows users the innumerable attempts to log in to the account despite repeated wrong password and OTP. This apparently helps hackers to cancel the booked train tickets and cause inconvenience to the passengers.

Outcome: Railways, unlike before has, reportedly fixed the glitch that allows users the innumerable attempts to log in to the account despite repeated wrong password and OTP.