ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Ulmon Data Breach

ulmon.com
Limited exposure
Verified breach Passwords exposed
Accounts exposed 777,769
Breach date 26 Jan 2020
Added to tracker 08 May 2020
Data classes 6

What happened

In January 2020, the travel app creator Ulmon suffered a data breach. The service had almost 1.3M records with 777k unique email addresses, names, passwords stored as bcrypt hashes and in some cases, social media profile IDs, telephone numbers and bios. The data was subsequently posted to a popular hacking forum.

Exposed data

Bios Email addresses Names Passwords Phone numbers Social media profiles

Recommended actions

  • Change your Ulmon password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Ulmon — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP