What happened in the Ixigo data breach?
Twingate Team
•
Apr 11, 2024
In a significant data breach, the travel and hotel booking site Ixigo experienced unauthorized access to its user records in January 2019. The breach raised concerns about data privacy and the need for robust security measures to protect sensitive information.
How many accounts were compromised?
The breach compromised data of approximately 17.2 million users.
What data was leaked?
The data exposed in the breach included auth tokens, device information, email addresses, genders, names, passwords, phone numbers, salutations, social media profiles, and usernames.
How was Ixigo hacked?
In the Ixigo data breach, the compromised information appeared for sale on a dark web marketplace in February 2019. The breach was part of a larger security incident involving multiple websites. Ixigo's investigation revealed that they used an outdated MD5 hashing algorithm to scramble passwords, which is now considered easy to unscramble.
Ixigo's solution
In response to the data breach, Ixigo took several measures to enhance the security of its platform and prevent future incidents. These measures included resetting all user passwords, implementing a 2 2-factor authentication login mechanism, encrypting all personally identifiable information in their databases, and conducting regular external audits of their APIs and infrastructure by a third-party security firm. Additionally, Ixigo implemented strong perimeter controls and isolated its corporate infrastructure from its production infrastructure. The company also sent prompt communication to all impacted users, informing them of the situation and recommending the use of strong, unique passwords on every website.
How do I know if I was affected?
Ixigo notified affected users about the breach. If you're an Ixigo user and haven't received a notification, you may visit HaveIBeenPwned, a platform that monitors data breaches and can notify individuals if their data has been disclosed in recognized data leaks.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Where can I go to learn more?
If you want to find more information on the Ixigo data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
What happened in the Ixigo data breach?
Twingate Team
•
Apr 11, 2024
In a significant data breach, the travel and hotel booking site Ixigo experienced unauthorized access to its user records in January 2019. The breach raised concerns about data privacy and the need for robust security measures to protect sensitive information.
How many accounts were compromised?
The breach compromised data of approximately 17.2 million users.
What data was leaked?
The data exposed in the breach included auth tokens, device information, email addresses, genders, names, passwords, phone numbers, salutations, social media profiles, and usernames.
How was Ixigo hacked?
In the Ixigo data breach, the compromised information appeared for sale on a dark web marketplace in February 2019. The breach was part of a larger security incident involving multiple websites. Ixigo's investigation revealed that they used an outdated MD5 hashing algorithm to scramble passwords, which is now considered easy to unscramble.
Ixigo's solution
In response to the data breach, Ixigo took several measures to enhance the security of its platform and prevent future incidents. These measures included resetting all user passwords, implementing a 2 2-factor authentication login mechanism, encrypting all personally identifiable information in their databases, and conducting regular external audits of their APIs and infrastructure by a third-party security firm. Additionally, Ixigo implemented strong perimeter controls and isolated its corporate infrastructure from its production infrastructure. The company also sent prompt communication to all impacted users, informing them of the situation and recommending the use of strong, unique passwords on every website.
How do I know if I was affected?
Ixigo notified affected users about the breach. If you're an Ixigo user and haven't received a notification, you may visit HaveIBeenPwned, a platform that monitors data breaches and can notify individuals if their data has been disclosed in recognized data leaks.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Where can I go to learn more?
If you want to find more information on the Ixigo data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
What happened in the Ixigo data breach?
Twingate Team
•
Apr 11, 2024
In a significant data breach, the travel and hotel booking site Ixigo experienced unauthorized access to its user records in January 2019. The breach raised concerns about data privacy and the need for robust security measures to protect sensitive information.
How many accounts were compromised?
The breach compromised data of approximately 17.2 million users.
What data was leaked?
The data exposed in the breach included auth tokens, device information, email addresses, genders, names, passwords, phone numbers, salutations, social media profiles, and usernames.
How was Ixigo hacked?
In the Ixigo data breach, the compromised information appeared for sale on a dark web marketplace in February 2019. The breach was part of a larger security incident involving multiple websites. Ixigo's investigation revealed that they used an outdated MD5 hashing algorithm to scramble passwords, which is now considered easy to unscramble.
Ixigo's solution
In response to the data breach, Ixigo took several measures to enhance the security of its platform and prevent future incidents. These measures included resetting all user passwords, implementing a 2 2-factor authentication login mechanism, encrypting all personally identifiable information in their databases, and conducting regular external audits of their APIs and infrastructure by a third-party security firm. Additionally, Ixigo implemented strong perimeter controls and isolated its corporate infrastructure from its production infrastructure. The company also sent prompt communication to all impacted users, informing them of the situation and recommending the use of strong, unique passwords on every website.
How do I know if I was affected?
Ixigo notified affected users about the breach. If you're an Ixigo user and haven't received a notification, you may visit HaveIBeenPwned, a platform that monitors data breaches and can notify individuals if their data has been disclosed in recognized data leaks.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Where can I go to learn more?
If you want to find more information on the Ixigo data breach, check out the following news articles: