The next time you check in to the Centaur Hotel at IGI airport New Delhi, and hand over your passport and/or credit card, beware!!!!, you are exposing your personal information to the whole world.
At a time when the Government of India is imposing draconian rules on internet services providers, and battles are raging on the issue of privacy, or the lack thereof, the website of Centaur Hotels (www.centaurhotels.com) is allowing access to hundreds of passport copies, credit cards, and other forms of personal identification of their guests staying at New Delhi IGI airport property.
The Centaur Hotels is a unit of the Hotel Corporation of India, which is a wholly owned subsidiary of India’s national carrier Air India which in turn is 100% owned by the Government of India.
This is an unbelievable shocking failure to enforce even the most basic internet security norms at any level. It requires no special skills and the link is out there in the open. A young student known to me, downloaded all the passport copies and some copies of credit cards within a few minutes without any special tools.
In the midst of the Incredible India tourism campaign, no visitor to the hotel is immune, Indian or foreign. This is situation is just “Incredible Air India”.
The website shows the site manager as one Capt. Samarth Singh who is the CEO of a firm called Hybrid Content. Capt. Singh’s Linkedin profile and individual profile.
Calls to Air India were unanswered. Bangalore Aviation contacted the executive manager of the particular Centaur property who responded “please send us your complaint in writing and we will look in to it.” Such a callous disregard is just unheard of in the hospitality industry.
Capt. Samarth Singh claimed the website was under the control of another company for the last year and was handed over him only one week ago. He said
“The website has been under the direct control and jurisdiction of S. Naidu Pvt. Ltd. for the last one year. During this period Hybrid Content site credit has not been removed from the Centaur Hotel’s website. Any further clarifications may be entertained in presence of all three parties i.e. Centaur Hotels, S. Naidu Pvt. Ltd. and Hybrid Content.”
Capt. Singh was unable to indicate for how long this vulnerability existed and how many guests have had their personal details compromised. He did say he would take immediate corrective action which could include pulling down the website.
At Bangalore Aviation we would still like to protect the details of individuals, so we are not disclosing the specific URL that is vulnerable, but below are samples of the copies of hundreds of personal documents and credit cards available on the site.