BREAKING!!! - Air India unit - Centaur Hotels' website insecure - allows access to guests' passports, ID's, credit cards

The next time you check in to the Centaur Hotel at IGI airport New Delhi, and hand over your passport and/or credit card, beware!!!!, you ar...

The next time you check in to the Centaur Hotel at IGI airport New Delhi, and hand over your passport and/or credit card, beware!!!!, you are exposing your personal information to the whole world.

At a time when the Government of India is imposing draconian rules on internet services providers, and battles are raging on the issue of privacy, or the lack thereof, the website of Centaur Hotels (www.centaurhotels.com) is allowing access to hundreds of passport copies, credit cards, and other forms of personal identification of their guests staying at New Delhi IGI airport property.



The Centaur Hotels is a unit of the Hotel Corporation of India, which is a wholly owned subsidiary of India's national carrier Air India which in turn is 100% owned by the Government of India.

This is an unbelievable shocking failure to enforce even the most basic internet security norms at any level. It requires no special skills and the link is out there in the open. A young student known to me, downloaded all the passport copies and some copies of credit cards within a few minutes without any special tools.

In the midst of the Incredible India tourism campaign, no visitor to the hotel is immune, Indian or foreign. This is situation is just "Incredible Air India".

The website shows the site manager as one Capt. Samarth Singh who is the CEO of a firm called Hybrid Content. Capt. Singh's Linkedin profile and individual profile.

Calls to Air India were unanswered. Bangalore Aviation contacted the executive manager of the particular Centaur property who responded "please send us your complaint in writing and we will look in to it." Such a callous disregard is just unheard of in the hospitality industry.

Capt. Samarth Singh claimed the website was under the control of another company for the last year and was handed over him only one week ago. He said
"The website has been under the direct control and jurisdiction of S. Naidu Pvt. Ltd. for the last one year. During this period Hybrid Content site credit has not been removed from the Centaur Hotel's website. Any further clarifications may be entertained in presence of all three parties i.e. Centaur Hotels, S. Naidu Pvt. Ltd. and Hybrid Content."
Capt. Singh was unable to indicate for how long this vulnerability existed and how many guests have had their personal details compromised. He did say he would take immediate corrective action which could include pulling down the website.

At Bangalore Aviation we would still like to protect the details of individuals, so we are not disclosing the specific URL that is vulnerable, but below are samples of the copies of hundreds of personal documents and credit cards available on the site.

Related

Ryanair enhances consumer security on Ryanair.com

Earlier today, European ultra-low cost carrier (ULCC) Ryanair launched a new customer verification system on the Ryanair.com website. Find the details below. 20th August 2013Ryanair, Europe’s onl...

Bangalore Aviation site changes: Your feedback is requested

Dear ReadersOver the last few weeks, we at Bangalore Aviation have been trying a few tweaks here and there.We invite your feedback on whether the site is the same, better, worse? What can we do to imp...

Guest post: Vishal Mehra's list of top commercial aviation blogs, websites, and resources

Today, we feature a guest post by a regular reader of Bangalore Aviation, Vishal Mehra, a Digital Marketer by profession, and an aviation geek by passion. At our request, Vishal prepared his choice of...

Post a Comment

emo-but-icon
:noprob:
:smile:
:shy:
:trope:
:sneered:
:happy:
:escort:
:rapt:
:love:
:heart:
:angry:
:hate:
:sad:
:sigh:
:disappointed:
:cry:
:fear:
:surprise:
:unbelieve:
:shit:
:like:
:dislike:
:clap:
:cuff:
:fist:
:ok:
:file:
:link:
:place:
:contact:

Follow Us

Hot in weekRecentComments

Hot in week

Recent

Comments

Side Ads

Text Widget

Connect Us

item