On June 9, 2024, a significant data breach was reported involving Travela.xyz, an online marketplace for short and long-term homestays and experiences. The leaked data was discovered on a dark web hacking forum, exposing sensitive personal information of the company’s hosts.
About Travela
Travela.xyz, incorporated as a Private Limited Company in Dhaka, Bangladesh, in 2020, began its operations with the mission to diversify and democratize tourism, providing economic benefits to local communities. Despite its noble mission, the company now faces a serious cybersecurity incident that compromises the privacy and security of its hosts.
What Was Leaked?
The leaked data, consisting of 226 lines of user information, includes a comprehensive array of personal details:
- Host ID
- First Name
- Last Name
- Phone Number
- Email Address
- Birthdate
- Refer Code
- Total Booking
- Average Response Time
- Status
- OS Platform
- Bkash MSISDN (Mobile Number)
- Image
- Host Status
The exposure of such sensitive data can have severe implications for the affected hosts. Personal information like phone numbers, email addresses, and birthdates can be exploited for identity theft, phishing attacks, and other malicious activities. The leak of financial details such as the Bkash MSISDN further elevates the risk, potentially leading to financial fraud.
The Travela.xyz data breach shows that even new companies can be vulnerable to digital threats. As the investigation continues, it is essential for both companies and users to be aware of the risks and take proactive steps to safeguard personal information. This incident serves as a stark reminder of the importance of robust cybersecurity measures. Companies must prioritize the security of their users’ data by implementing stringent protective measures, conducting regular security audits, and staying vigilant against emerging threats.
