ShellCodeX Breach Report
Ulmon Data Breach
ulmon.com
Verified breach
Passwords exposed
Accounts exposed
777,769
Breach date
26 Jan 2020
Added to tracker
08 May 2020
Data classes
6
What happened
In January 2020, the travel app creator Ulmon suffered a data breach. The service had almost 1.3M records with 777k unique email addresses, names, passwords stored as bcrypt hashes and in some cases, social media profile IDs, telephone numbers and bios. The data was subsequently posted to a popular hacking forum.
Exposed data
Bios
Email addresses
Names
Passwords
Phone numbers
Social media profiles
Recommended actions
- Change your Ulmon password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Ulmon — attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP