A threat actor has allegedly breached VentureYours, a U.S.-based vacation rental management platform, and leaked what they claim is a massive archive containing customer records, booking information, support logs, contracts, and identity verification documents tied to the company’s operations.
The alleged breach was posted on a cybercrime forum on May 18, with the actor claiming to possess approximately 64 GB of data spanning more than 116,000 CSV files and over 25 million records.
According to the post, the exposed data allegedly includes customer names, phone numbers, email addresses, property management records, booking details, rental agreements, and copies of driver’s licenses used for identity verification purposes.
The actor also claims the dataset contains internal operational data and support conversation exports associated with the platform’s customer communications systems.
Sample records reviewed by BreachNews appeared to contain structured property management and customer contact information associated with vacation rental operations across multiple U.S. states.
Leak allegedly includes KYC documents and booking records
The forum post claims the compromised files include identity verification documents and contracts tied to vacation rental customers and property owners.
Among the allegedly exposed materials are driver’s licenses, rental agreements, customer support interactions, property contact details, and booking-related metadata.
The leaked samples also appeared to contain records associated with vacation property owners, support inbox exports, and operational communications tied to reservation workflows.
Some entries referenced integrations and conversation exports structurally consistent with customer messaging and CRM platforms commonly used in hospitality operations.
If authentic, the exposure could create elevated phishing, fraud, and identity theft risks for affected individuals due to the combination of personally identifiable information and booking-related records.
Hospitality platforms remain attractive extortion targets
Vacation rental and hospitality management providers continue to attract threat actors because they often store large volumes of sensitive customer information, payment-related records, contracts, and identity verification documents in centralized systems.
Unlike traditional hotel breaches that primarily expose reservation data, platforms managing property onboarding and rental verification processes may also retain copies of government-issued identification documents and operational records tied to both guests and property owners.
The alleged VentureYours leak surfaced shortly after several other large database exposure claims involving customer management and CRM-style platforms were advertised on cybercrime forums.
At time of publication, VentureYours had not issued any public statement regarding the alleged incident.
BreachNews has not independently verified the full dataset or confirmed whether the information originated from VentureYours systems directly.
Individuals who may have used the platform should remain cautious of unsolicited communications, fake booking notifications, identity verification requests, or phishing emails referencing vacation rentals or property management activity.
Last week, BreachNews also reported on the alleged ReferralRock database breach involving more than 11 million records.
