ixigo

In January 2019, Ixigo, a prominent Indian travel and hotel booking platform, experienced a data breach that compromised approximately 17 million user records. The exposed data included email addresses, hashed passwords, names, phone numbers, and social media profiles as well as a small number of passports. The breach was part of a larger security incident involving multiple websites, with the stolen data appearing for sale on a dark web marketplace in February 2019. Investigations revealed that Ixigo had utilized the outdated MD5 hashing algorithm for password storage, which is considered insecure and susceptible to decryption. In response, Ixigo promptly reset all user passwords, implemented a two-factor authentication login mechanism, encrypted all personally identifiable information in their databases, and conducted regular external audits of their APIs and infrastructure by a third-party security firm. ​

Data Included in the Breach