Agoda Data Breach?

Did anyone else get an email from Agoda? It’s fairly cryptic but I believe they had a data breach. They didn’t mention passwords were breached but also telling us to reset our passwords

As a part of Agoda’s ongoing security monitoring, we recently identified a rise of unusual activity involving unauthorized attempts to access the online accounts of some of our customers. Our further checks support that this likely resulted from malicious parties obtaining valid credentials from another source external to Agoda and making attempts to see if those credentials could be used to gain unauthorized access to Agoda customer account details.
In some instances it seems that such attempts when using valid credentials were successful and it’s possible that your profile information may have been accessed by someone unknown to us and you. This includes personal identifiers such as your name, email address and associated information e.g. last four digits of your credit card and travel bookings.
Please be vigilant with your digital footprint, not only with us but with any other online accounts where you may have repurposed your user credentials. Your online safety is important to us and we have taken measures including the above password reset to help protect you.“

Related Stores



  • +3

    It’s fairly cryptic but I believe they had a data breach.

    Not sure how that is anything cryptic it is saying if you reuse passwords don't that is all. Nothing in it suggests anything like a data breach.

    The following paragraph you posted is about someone/group is now targeting that platform with password stuffing.
    Which is looking at other sites data breaches and trying passwords from those on Agoda for gain.
    So is saying if you reuse a password or it isn't unique enough change your password now to avoid having your details stolen that way and don't say we didn't warn you.
    That is the simplest way of saying it.

    Examples of not being unique enough means when you use the same password but change something add a number capitalise a random letter for example
    site A: "Password123" site B: "passWord123" Site C: "password1234". Site D: "pAssword123" Those are far from being unique enough.

  • +1

    yes, I got it too. I know it is true, as I have had someone trying to log into my account from China for a while. I had changed the password recently because of that, but I got this email today as well. Of course I didn't click on the link in the email just to be sure, but my login didn't work, so I assume the email is genuine. I have changed my password again, directly through the website.

  • We've had fraudulent activity blocked on a credit card that is only used for flight bookings through Qantas and Agoda. I'm 90% Agoda has been hacked and credit card details stolen.

Login or Join to leave a comment