Some of you may have come across recent media reports talking about ixigo’s involvement in a security breach. We would like to let you know that we took the following steps as soon as we were informed of the breach:
1) Passwords of all our users were reset and a prompt communication was sent to all impacted users on 15th Feb 2019 apprising them of the situation.
2) We went live with a 2 Factor Authentication password-less login mechanism on 17th Feb 2019.
3) We encrypted all PIIs from all our databases. Encrypted PIIs can only be viewed by logged-in user themselves, inside the application and not even by our System Admins.
4) We do not save any payment data and financial information of our users and have never done so in the past.
5) External audits of all our APIs and infrastructure are done on a regular basis by a third party security firm (wesecureapp.com).
6) We have implemented strong perimeter controls and all production infrastructure is within private networks with no direct internet access. Database servers particularly are further isolated from application servers.
7) Corporate infrastructure is completely isolated from production infrastructure and has strict role based access control with Single Sign-On enabled.
In light of major security breaches that occurred recently across the web affecting 770 million users globally, we strongly recommend you to check if your data was involved in any of these security breaches using websites such as HaveIBeenPwnd. Also, use strong and unique passwords on every website you use.
We ensure complete transparency and are constantly working towards protecting your information and privacy. This instance has made us even more resolute and cautious towards our security endeavours.
ixigo is dedicated to simplifying the lives of millions of travellers across the country. We guarantee a continued, seamless travel planning experience to all our users.
Apologies for any inconvenience this may have caused to you!