Full List

Search

Recent Breaches

• mSpy July 11, 2024 A data breach at the Zendesk customer support site of the phone surveillance operation mSpy exposes millions of its customers who bought access to the phone spyware app over the past decade, as well as the Ukrainian company behind it, Brainstack.
• At least five Macau government websites July 11, 2024 • [ hack, ddos, government ] At least five Macau government websites are knocked offline by suspected foreign hackers for almost an hour.
• Clay County July 11, 2024 • [ ransomware, malware, government ] Clay County, Indiana files a local disaster declaration following a ransomware attack.
• The Heritage Foundation July 11, 2024 • [ hack, government ] The hacktivist group SiegedSec claims responsibility for a data breach at the Heritage Foundation, stealing details of a potentially controversial Project 2025.
• Lulu Hypermarket July 10, 2024 • [ leak, retail ] Lulu Hypermarket experiences a data breach, exposing over 200,000 customer records. The attack, claimed by IntelBroker, includes personal details such as email addresses and phone numbers. The full database, allegedly containing millions of user and order details, might be leaked in the future.
• Undisclosed third-party contractor of Nokia and Microsoft July 10, 2024 A threat actor known as 888 leaks the personal and contact details of thousands of Nokia and Microsoft employees on the notorious cybercrime platform, Breach Forums. According to the attacker, both leaks resulted from data breaches at a third-party contractor.
• General Motors July 9, 2024 • [ hack, brute-force, manufacturing ] General Motors (GM) suffers what appears to be a credential stuffing attack, affecting 65 GM MyAccounts.
• The Heritage Foundation July 9, 2024 • [ hack, education ] In July 2024, hacktivists published almost 2GB of data taken from The Heritage Foundation and their media arm, The Daily Signal. The data contained 72k unique email addresses, primarily used for commenting on articles (along with names, IP addresses and the comments left) and by content contributors (along with usernames and passwords stored as either MD5 or phpass hashes).
• Monroe County July 8, 2024 • [ ransomware, malware, government ] Monroe County is hit with a BlackSuit ransomware attack.
• U.S. Department of Veterans Affairs July 8, 2024 The Microsoft Azure environment of the U.S. Department of Veterans Affairs was briefly compromised by Russian threat actors
• Frankfurt University of Applied Sciences July 8, 2024 The Frankfurt University of Applied Sciences announced on Monday it was targeted by a serious hacker attack that has led to a total shutdown of its IT systems.
• Undisclosed app July 7, 2024 • [ leak, misconfiguration, retail ] E-commerce platform Shopify denies it suffered a data breach after a threat actor with the moniker of 888 begins selling customer data they claim was stolen from the company's network. According to Shopify, the data loss reported was caused by a third-party app.
• MSI July 7, 2024 • [ leak, misconfiguration, technology ] In July 2024, MSI inadvertently exposed hundreds of thousands of customer records related to RMA claims that were subsequently found to be publicly accessible. The data included 250k unique email addresses alongside names, phone numbers, physical addresses and warranty claims. When contacted about the incident, MSI advised that "there is no evidence the information was ever accessed" and that "the security incident we had did not trigger state data breach notification obligations" due to the absence of "(social security number, driver's license number.etc)".
• LuLu July 6, 2024 In July 2024, the Emirati-based LuLu retail store suffered a data breach. The impacted data included 190k email addresses and associated phone numbers which were subsequently shared on a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker". The following month, the threat of leaking the full database was carried out and a backup from October 2022 with a further 2.6M unique email addresses appeared. This data also included names, physical addresses, orders and PBKDF2 password hashes.
• Pennsylvania State Education Association July 6, 2024 • [ ransomware, data leak ] Teachers union reports july 2024 breach with rhysida claim and mass notifications.
• Elite Fitness July 5, 2024 • [ ransomware, leak, malware ] The DragonForce ransomware group says on its leak site that it stole 5.31 gigabytes of data from Elite Fitness, New Zealand's leading fitness equipment retailer.
• FNTech July 5, 2024 • [ hack, misconfiguration, technology ] Roblox announces that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conference attendees, after a vendor, FNTech, is compromised.
• AnimeLeague July 4, 2024 • [ leak, sqlinjection, technology ] In July 2024, AnimeLeague disclosed a data breach of their services. The data was posted for sale on a popular hacking forum and included 2 databases covering both event registration records and a dump of the phpBB bulletin board. The impacted data included passwords in various hashed formats including SHA-1, salted md5 and bcrypt, as well as usernames, private messages, dates of birth, purchases and 192k unique email addresses.
• FNTECH July 4, 2024 • [ leak, technology ] In July 2024, the events management platform FNTECH suffered a data breach that exposed 10k unique email addresses. The data contained registrants from various events, including participants of the Roblox Developer Conference registration list. The data also included names and IP addresses.
• Husky Owners July 4, 2024 • [ hack, leak ] In July 2024, the Husky Owners forum website was defaced and linked to a breach of user data containing 16k records. The exposed data included usernames, email addresses, dates of birth and time zones.