Air India unit - Centaur Hotels website insecure - Passports, ID's, credit cards data at Risk
Website of Centaur Hotel at IGI airport New Delhi - https://centaurhotels.com/ used to upload customer data like passport, pan card, credit card and other forms of personal identification of their guests staying at New Delhi IGI airport property, Data in an hidden indexed directory on the website as shown above.
The Centaur Hotels is a unit of the Hotel Corporation of India, which is a wholly owned subsidiary of India's national carrier Air India which in turn is 100% owned by the Government of India.
This Security failure is disclosed by Bangalore Aviation. Capt. Samarth Singh claimed the website was under the control of another company for the last year and was handed over him only one week ago. He said "The website has been under the direct control and jurisdiction of S. Naidu Pvt. Ltd. for the last one year. During this period Hybrid Content site credit has not been removed from the Centaur Hotel's website. Any further clarifications may be entertained in presence of all three parties i.e. Centaur Hotels, S. Naidu Pvt. Ltd. and Hybrid Content."
Some Documents from Site :
