InfoSecBulletin Cybersecurity for mankind
Bangladeshi online market place Travela.xyz for homestays and experiences, suffered a major data breach on June 9, 2024. The leaked information, found on a dark web hacking forum, exposed the personal data of the company’s hosts.
The leaked data, which includes user information such as Host ID, First Name, Last Name, Phone Number, Email Address, Birthdate Refer Code, Total Booking, Average Response Time, Status, OS Platform, bkash MSISDN (Mobile Number), Image, and Host Status.
CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
Australian fintech database exposed in 27000 records
Over 200 Million Info Leaked Online Allegedly Belonging to X
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
CIRT alert Situational Awareness for Eid Holidays
Cyberattack on Malaysian airports: PM rejected $10 million ransom
Micropatches released for Windows zero-day leaking NTLM hashes
The Travela.xyz data breach serves as a powerful reminder that even emerging companies are susceptible to the ever-present dangers of the digital world.
BCSI reported, As the investigation unfolds, it becomes evident that it is crucial for both companies and users to acknowledge these risks and proactively shield their personal information. This incident serves as a wake-up call, emphasizing the dire need for steadfast cybersecurity measures. Companies must wholeheartedly prioritize the security of their users’ information by implementing rigorous protective measures, conducting regular security audits, and remaining perpetually vigilant in the face of emerging threats.
Travela was founded in 2020 to make tourism more accessible and beneficial for local economies. it’s vision is to create a world where travel is simple, safe, and enjoyable.
Travela was incorporated as a Private Limited Company at Dhanmondi in Dhaka, Bangladesh in 2020. One from travela said, they are now working Dhaka based.
As travela worked like bnb, its app must contain sensitive information. So, if the bad actor claim is legit, victimas may suffer seriously as bad actor may use or modify the info for illegal purposes. Personal information like phone numbers, email addresses, and birthdates can be used for identity theft, phishing attacks, and other harmful activities. The leak of financial details like the bkash MSISDN increases the risk, potentially resulting in financial fraud.
In recent times, hacker target many Bangladeshi gov.t and private institutions.
