Let's see how we can help you!
Leave a message and our dedicated advisor will contact you.
Send us a message
0/10000
Vacation Canceled? Massive Data Breach at Travel Site VoyageSecure!
Published: 00:00 09/24/2025
Incydenty
A Bitter End to Vacation Season: Data of Millions of Tourists For Sale
The popular hotel and flight booking platform, VoyageSecure, has just confirmed that it has fallen victim to a massive data breach. Information concerning over 15 million customers from around the world is already available on a well-known darknet forum. If you have ever used their services, this news should set off alarm bells.
What Was Leaked and How Did It Happen?
According to preliminary findings, the attackers gained access to a database stored in a public cloud. The reason? A mundane and unfortunately still common one – a misconfiguration of access permissions, which left the digital door wide open.
A substantial package of data fell into the criminals' hands:
- Full names of customers.
- Email addresses and phone numbers.
- Booking history, including dates and locations of stays.
- Hashed passwords for accounts on the service.
- Partial payment card data (the last 4 digits).
The company emphasizes that full payment card numbers are secure, but the stolen information is a ready-made database for conducting sophisticated phishing attacks. Criminals, knowing your travel plans, can send very credible fake messages about "booking issues" to phish for your complete data.
What to Do? How to Proceed?
VoyageSecure has initiated a mass password reset process and promises free credit monitoring for affected customers in markets where it is available. Regardless, we recommend:
- Change your VoyageSecure password immediately. If you used it anywhere else, change it there too!
- Enable two-factor authentication (2FA) wherever possible.
- Be extremely cautious of emails and SMS messages allegedly from VoyageSecure. Do not click on links or provide any data.
This incident is another painful reminder that in today's world, our data is a valuable currency. And the companies we entrust it to do not always treat its security with the necessary diligence.
A similar breach recently affected a Spanish e-learning platform where data of 6 million users was stolen. Implementing ISO 27001 helps companies systematically manage information security and prevent such incidents.
Sources: VoyageSecure Statement, The Cyber Record
About the Author
Aleksander Zębrowski
Chief Technology Officer at SecurHub.pl
PhD candidate in neuroscience. Psychologist and IT expert specializing in cybersecurity.
Related Articles
Incydenty
Massive Data Breach on Spanish E-learning Platform: 6 Million Users at Risk
A Spanish e-learning platform has fallen victim to a massive attack, resulting in the theft of data from over 6 million users. The information has been put up for sale on a hacker forum.
04.10.2025
3 min
Incydenty
Buying an apartment and losing your identity? What the Dom Development data breach teaches us
The high-profile cyberattack on one of Poland's largest developers is more than just another leak. It's a story of how your entire family's data, from PESEL numbers to salaries, could have fallen into the wrong hands. We analyze what this means and how to protect yourself.
16:21 11.12.2025
17 min
Incydenty
Global AWS Outage: How One Region Switched Off Half the Internet
A global AWS outage, with its epicenter in US-EAST-1, paralyzed thousands of services today. From Slack and Zoom to Fortnite and banks—the internet took a forced day off. The culprit: DNS.
20.10.2025
9 min
Comments
Loading comments...