Emails, hashed passwords of 18 million Ixigo users stolen

BENGALURU: User data of 18 million, largely email IDs and hashed passwords, were allegedly stolen from online travel aggregation platform Ixigo. This is part of a broader data steal that saw user information being leaked from seven other global sites, including home improvement website Houzz.
Ixigo founder and CEO Aloke Bajpai told TOI the company will issue a notification to its users to reset their passwords as a safety measure.British news platform The Register first reported the data leak. Backed by China’s Fosun, Ixigo had over 20 million monthly active users in November last year. A company spokesperson said it had nearly 100 million users in total.
“Ixigo is currently investigating this alleged security breach. We are a travel marketplace and we take our users’ data and privacy seriously. We do not store payment, cards or financial information for any of our users. We encrypt and hash our passwords with a one-way hashing algorithm. While we have already taken pre-emptive security measures, such as two-factor authentication, we will also, as a precaution, reset passwords and security tokens of our users,” Bajpai said in a statement.
Earlier, online food delivery platforms like Zomato and FreshMenu faced similar incidents of data leaks in the country. Zomato, too, had issued notifications to affected users to change their passwords. This month, reports claimed India’s largest bank SBI had leaked sensitive financial data of its account holders. SBI, however, denied the same.
Bengaluru-based FreshMenu saw data of over a lakh users stolen in 2016, but it came to light only after haveibeenpwned (HIBP) — a platform that tells you if your email has been compromised in any data breach — disclosed it last September. For Zomato, the scale of the leak was higher with data of 17 million users compromised.
Globally, Equifax, Yahoo, eBay and Uber, among others, have faced some of the biggest data leaks online.