Toll Plaza Data Exposure

FASTag is a toll collection system in India based on Radio Frequency Identification (RFID) technology. FASTag directly makes payments from the bank account to the toll plaza without stopping for transactions.

Cyble Research Labs found a publicly exposed website containing plain text data of an unidentified toll plaza. The exposed website has information related to transactions, vehicle registration, vehicle type, tag ID, digital signature, etc., used for transactions.

Figure 1 shows the website containing the configuration data of the website.

Figure 1: The website containing the configuration data of the website

The folder XmlFiles contains data related to the various transections starting from 27 August 2021 till 27 December 2021, as shown in Figure 2.

Figure 2: The various transections

We found that the folder contains XML files containing data related to FASTag transactions during our analysis.

The following information is present in the XML files:

  • Plaza ID
  • Vehicle Tag ID
  • Vehicle Class
  • Vehicle Registration Number
  • Digital Signature Information

The XML file containing further details is shown in Figure 3.

Figure 3: The further details from the leak


This data exposure poses third-party risks. Though the risk level is relatively low, attackers could potentially leverage the exposed data to carry out social engineering attacks.

Our Recommendations

Following essential cybersecurity best practices creates the first line of control against attackers. We recommend that our readers follow the best practices given below:

  • Regularly monitor your public-facing network assets.
  • External APIs should implement authentication measures to keep critical data confidential.
  • Regularly perform audits and Vulnerability Assessment and Penetration Testing (VAPT) of organizational assets, including network and software.
  • Implement strict Identity and Access Management (IAM) policy.

Scroll to Top