Ixigo data breach

Ixigo

What Happened

In January 2019, Ixigo, a prominent Indian travel and hotel booking platform, suffered a major data breach when attackers gained unauthorized access to its database, compromising approximately 17.2 million user records that were later offered for sale on a dark web marketplace in February. The exposed data included email addresses, full names, phone numbers, genders, locations (city and country), social media profile links (e.g., Facebook), usernames, device information, authorization tokens, salutations, and passwords stored with the insecure MD5 hashing algorithm; some sources also noted a small number of passport IDs and IP addresses, though no financial or payment details were affected. The incident was part of a broader hack targeting multiple sites, with Ixigo initially denying the breach but responding by resetting all user passwords on February 15, implementing two-factor authentication, encrypting personally identifiable information, conducting third-party audits, and notifying affected users.

Compromised Assets

  • email
  • password

Check your company's
exposed credentials

Enter your work email to instantly access a free account
and see your company’s exposed credentials.

Related Breaches