Suspicion of data leak from Railway app MySQL DB
I don't know if it would come from a data leak or a clause in the contract that allows Railway to sell data, but something really strange happened and I think it comes from my use of Railway.
So for the context I developed a box-office platform for a theater company. I wanted to offer a friend tickets for a show and I followed the shopping process myself so he only gets the final ticket and no insights on the price, whatsoever. During the first half of the process, to receive the bill myself, I put HIS booking name and MY email address.
But I just received a phishing spam on my mailbox, with his name. I see no way those two associations could have been done, except for that time I used his name with my email address.
My db is only stored on Railway side, I have no other connection done to it, and I was on my private network so I can't imagine any sniffing.
Do you see anything I could investigate on my side? Could it be a data leak from Railway? Is there a clause I've been missing?
If I'm in the wrong section, let me know and I'll move my post.
Thank you for your help.
2 Replies
I promise you Railway does not sell your data, they are far above that
they have a very clear legal page, would highly recommend reading it
https://railway.app/legal/privacy
tl;dr they only keep information about you, your device, and your account, and they would not touch your database without your permission
with that said, I have no clue why you got a phishing email with that name and address specifically, but it wasn't leaked from Railway's side
Could be that your database has an exposed public url, is that the case?