18 million Ixigo user records leaked in major data breach 18 million records from travel bookings site Ixigo and 40 million records from YouTube were breached, as part of a larger data breach affecting 127 million user records across 8 companies, reports ZDNet. A hacker who stole 620 million user records from 16 major websites last year was behind the current breach. In all, the hacker is selling the current data for $14,500 in bitcoin. Ixigo’s leaked user data included password hashes, full name, IP address, username, email, Facebook URL, and the passport ID number and the names of some users. Ixigo reportedly used an outdated MD5 hashing algorithm to scramble passwords, which is easy to unscramble. Ixigo has, meanwhile, denied the breach and said it does not store any payment, card or financial information of its users. It also does not store user passwords for third-party logins via Google, Facebook, and Truecaller. It said that it is “proactively investigating the alleged security breach” and has taken “pre-emptive security measures and reset user passwords & auth tokens." ixigo is proactively investigating the alleged security breach reported by the media. While the claims have not been confirmed, we have taken pre-emptive security measures and reset user passwords & auth tokens. (1/2) — ixigo (@ixigo) February 16, 2019 Leaked YouTube user data included full name, profile ID, IP address, email, Facebook email and ID, Instagram ID, Google ID, Twitter ID. The other affected companies included Houzz, Ge.tt, cryptocurrency site Coinmama, gaming sites…
