reservations.mexitravels.com data breach

reservations.mexitravels.com

What Happened

On February 27, 2026, a threat actor known as “Tanaka” leaked an SQL-format database allegedly from the reservations.mexitravels.com reservations/customer management system, exposing about 1,983,503 records from Mexican travel platform MexiTravels. The dataset, later seen on dark web forums and in multiple threat-intel alerts, reportedly contained email addresses, first and last names, property/location details, destination information, and language preferences, all tied to travel bookings rather than payment data. ScruteX and other monitors note that the leak was publicly advertised on or around March 3, 2026, and highlight risks such as highly targeted phishing using real trip details, identity theft, account takeover via credential stuffing, and specialized travel scams (for example, fake booking confirmations or fraudulent payment requests leveraging the exposed reservation data).

Compromised Assets

  • email
  • full name
  • phone
  • ip

Check your company's
exposed credentials

Enter your work email to instantly access a free account
and see your company’s exposed credentials.

Related Breaches