What Happened
In March 2019, Hurb (formerly Hotel Urbano), a Brazilian online travel agency, suffered a data breach exposing over 20 million customer records, including names, email addresses, phone numbers, dates of birth, home addresses, IP addresses, social media profiles, and passwords stored as unsalted MD5 hashes. The incident occurred around March 14, with the stolen data discovered and verified in July 2020 when it appeared online for download, though one conflicting report mentions a May 23 discovery and June notification (likely erroneous, as Hurb is consistently distinguished from “Houras”). No evidence indicates credit card details were compromised, but the breach raised risks of identity theft and fraud due to the volume and sensitivity of the information.
