He may have done what many a foodie only dreams of doing. Self-professed ethical hacker Kanishk Sajnani ordered Kadhai Chicken for Re 1 and 2 Naans for Rs 6 from the official service offered by the Indian Railway Catering and Tourism Corporation (IRCTC) by exploiting a vulnerability.
Now, in an interview with Times Of Food, Sajnani has warned people against using insecure connections. He also urged food-delivery or catering companies to spend more to beef up their security protocols.
The warnings sound ominous after 17 million Zomato users’ data was compromised in May last year. A hacker stole their email addresses and passwords, albeit in a hashed format, Zomato acknowledged.
Food for a pittance
Sajnani, just 21 years old, has been in the news for quite a few reasons. For example, last year he managed to buy a flight ticket from Delhi to San Francisco in the US for just Re 1.
Then, in March this year, he wrote about how he bought a plate of Kadhai Chicken from IRCTC for just Re 1 using a mobile wallet.
He tried using the same exploit for another digital wallet, and bought two Naans for just Rs 6.
He told Times Of Food on Monday, April 23, that the fault in both cases was with IRCTC’s developers.
IRCTC is a subsidiary company of Indian Railways. According to its official website, the Ministry of Railways created it to hive off the “entire catering and tourism activity of the railways to the new Corporation so as to professionalise and upgrade these services with public-private participation.”
Warnings from an ethical hacker
Sajnani, meanwhile, told Times Of Food that vulnerabilities still exist in apps and websites. He said people should be careful while accessing them.
Regarding accessing food delivery or ordering sites on the internet, Sajnani said: “People should ensure that the site is secure and has implemented the HTTPS protocol.”
He added: “Google Chrome has recently started telling people in the address bar whether sites have this protocol and are secure.”
Sajnani also asked people to ensure the apps they use to order food have two-factor authentication.
He had some words of caution for the F&B and hospitality industry as well. Sajnani said companies should put more funds into ensuring the security of their users’ data. At present, companies spend much more on mere development, he said.