ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Travelio Data Breach

travelio.com
Limited exposure
Verified breach Passwords exposed
Accounts exposed 471,376
Breach date 23 Nov 2021
Added to tracker 08 Apr 2022
Data classes 7

What happened

In November 2021, the Indonesian real estate website Travelio suffered a data breach that exposed over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens.

Exposed data

Auth tokens Dates of birth Email addresses Names Passwords Phone numbers Physical addresses

Recommended actions

  • Change your Travelio password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Travelio โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP