Online travel bookings platform Yatra.com reportedly had five million records exposed in a data breach back in 2013. That means if you have an account on Yatra.com, your data is possibly in the hands of someone who shouldn’t have it. This information was tweeted by a website called ‘Have I Been Pwned’ (HIBP) on Thursday.
According to the website, the data contained email and physical addresses, dates of birth and phone numbers, along with both PINs and passwords stored in plain text. To be precise, 5,033,997 accounts were compromised.
Have I Been Pwned is a website that allows people to check if they have an account that has been compromised in a data breach. There has been no communication from Yatra.com regarding the data breach. However, HIBP also states that another website, ‘Vigilante’, which is a database of breaches, first reported the Yatra data breach.
This has come to light at a time when there is serious concern over privacy on the internet, with people’s personal and financial details being compromised in many instances.
So how do you know if your data has been breached?
Ideally, if a website finds out that its data has been compromised, it should send out a mail to all its users informing them of the breach and what exactly was compromised and when. Zomato, for example, sent out a mail when its data was breached and asked users to change their passwords.
There are websites such as HIBP (haveibeenpwned.com) that let you enter your email ID and check if it has been a part of any data breach in the past. Such websites scan through all data breaches; all the data on this site comes from "breaches" where data is exposed to persons that should not have been able to view it. This particular website was started by a Microsoft executive after the Adobe data breach in 2013.
There are a few other websites as well that let you check across a massive database of breaches. There are also identity protection services that send you alerts if any suspicious activity is identified on accounts you use.
What to do if your email ID or password has been compromised?
- The first and most important step to take if your account has been compromised is to change the login password of the website whose data was breached. As an additional measure, it is also a good move to change the password of your email address.
- If you use the same password on any other website, change that password too.
- Never use the same password for more than one website. Reusing a password makes it easy for hackers to then access your data across websites, and your information will be at a greater risk.
- The key to better online security is to have strong passwords. A strong password would be one with a mix of upper and lower case letters, numbers and special characters. Though painstaking, have a unique password for every service you use.
- To be secure, ensure you change passwords of all your critical accounts, especially those that have your banking and financial information saved, at frequent intervals.