ShellCodeX Breach Report
Hurb Data Breach
hurb.com
Verified breach
Passwords exposed
Accounts exposed
20,727,771
Breach date
14 Mar 2019
Added to tracker
27 Jul 2020
Data classes
7
What happened
In approximately March 2019, the online Brazilian travel agency Hurb (formerly Hotel Urbano) suffered a data breach. The data subsequently appeared online for download the following year and included over 20 million customer records with email and IP addresses, names, dates of birth, phone numbers and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by dehashed.com.
Exposed data
Dates of birth
Email addresses
IP addresses
Names
Passwords
Phone numbers
Social media profiles
Recommended actions
- Change your Hurb password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Hurb — attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP