Saturday , 28 November 2020

BREAKING!!! – Air India unit – Centaur Hotels’ website insecure – allows access to guests’ passports, ID’s, credit cards

The next time you check in to the Centaur Hotel at IGI airport New Delhi, and hand over your passport and/or credit card, beware!!!!, you are exposing your personal information to the whole world.

At a time when the Government of India is imposing draconian rules on internet services providers, and battles are raging on the issue of privacy, or the lack thereof, the website of Centaur Hotels (www.centaurhotels.com) is allowing access to hundreds of passport copies, credit cards, and other forms of personal identification of their guests staying at New Delhi IGI airport property.



The Centaur Hotels is a unit of the Hotel Corporation of India, which is a wholly owned subsidiary of India’s national carrier Air India which in turn is 100% owned by the Government of India.

This is an unbelievable shocking failure to enforce even the most basic internet security norms at any level. It requires no special skills and the link is out there in the open. A young student known to me, downloaded all the passport copies and some copies of credit cards within a few minutes without any special tools.

In the midst of the Incredible India tourism campaign, no visitor to the hotel is immune, Indian or foreign. This is situation is just “Incredible Air India”.

The website shows the site manager as one Capt. Samarth Singh who is the CEO of a firm called Hybrid Content. Capt. Singh’s Linkedin profile and individual profile.

Calls to Air India were unanswered. Bangalore Aviation contacted the executive manager of the particular Centaur property who responded “please send us your complaint in writing and we will look in to it.” Such a callous disregard is just unheard of in the hospitality industry.

Capt. Samarth Singh claimed the website was under the control of another company for the last year and was handed over him only one week ago. He said

“The website has been under the direct control and jurisdiction of S. Naidu Pvt. Ltd. for the last one year. During this period Hybrid Content site credit has not been removed from the Centaur Hotel’s website. Any further clarifications may be entertained in presence of all three parties i.e. Centaur Hotels, S. Naidu Pvt. Ltd. and Hybrid Content.”

Capt. Singh was unable to indicate for how long this vulnerability existed and how many guests have had their personal details compromised. He did say he would take immediate corrective action which could include pulling down the website.

At Bangalore Aviation we would still like to protect the details of individuals, so we are not disclosing the specific URL that is vulnerable, but below are samples of the copies of hundreds of personal documents and credit cards available on the site.

About Devesh Agarwal

A electronics and automotive product management, marketing and branding expert, he was awarded a silver medal at the Lockheed Martin innovation competition 2010. He is ranked 6th on Mashable's list of aviation pros on Twitter and in addition to Bangalore Aviation, he has contributed to leading publications like Aviation Week, Conde Nast Traveller India, The Economic Times, and The Mint (a Wall Street Journal content partner). He remains a frequent flier and shares the good, the bad, and the ugly about the Indian aviation industry without fear or favour.

Check Also

Jet Airways' Boeing 737-800 VT-JBD

Why Jet Airways is critical to Boeing’s India presence

Indian aviation continues to show tremendous aviation potential with growth forecast to be in the …

Spicejet Boeing 737-800 VT-SPL "Cardamom"

SpiceJet Q3FY19 results analysis: challenges remain

SpiceJet, reported its third quarter results of the fiscal year 2018-19 (FY19) this Monday. There …