-
World Health Organization (WHO)
April 2, 2020
•
[ espionage, phishing, government ]
Hackers working in the interests of the Iranian government have sent phishing emails masquerading as Google web services to WHO employees, attempting to gain access to internal information.
-
OGUsers (2020 breach)
April 2, 2020
•
[ hack, misconfiguration, technology ]
In April 2020, the account hijacking and SIM swapping forum OGUsers suffered their second data breach in less than a year. As with the previous breach, the exposed data included email and IP addresses, usernames, private messages and passwords stored as salted MD5 hashes. A total of 263k email addresses across user accounts and other tables were posted to a rival hacking forum.
-
HomeRefill
April 2, 2020
•
[ leak, retail ]
In April 2020, now defunct Brazilian e-commerce platform HomeRefill suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 187k unique email addresses along with names, phone numbers, dates of birth and salted password hashes.
-
Berkine
April 1, 2020
•
[ ransomware, malware, energy ]
The Maze ransomware group posts data from Berkine, a joint venture between Sonatrach, the state-owned oil company of Algeria, and the US firm formerly known as Anadarko Petroleum Corporation.
-
-
Ticketclub
April 1, 2020
•
[ leak ]
Bl@ckt0r drops data on leak site.
-
Teespring
April 1, 2020
•
[ leak, retail ]
In April 2020, the custom printed apparel website Teespring suffered a data breach that exposed 8.2 million customer records. The data included email addresses, names, geographic locations and social media IDs.
-
Marriott International
March 31, 2020
Marriott confirms a second data breach in three years, this time involving the personal information on 5.2 million guests. The attackers obtained the login details of two employees, and broke in weeks earlier during mid-January. The breach was discovered on February.
-
Cosan
March 31, 2020
•
[ ransomware, malware, manufacturing ]
The Nefilim Ransomware operators leak the data of Cosan, a Brazilian conglomerate producer of bioethanol, sugar and energy.
-
GoDaddy
March 30, 2020
•
[ social, phishing, technology ]
A spear-phishing hits a customer service employee at GoDaddy.com, the world's largest domain name registrar. The phisher modifies key customer records, including transaction brokering site escrow.com.
-
BetUS
March 30, 2020
•
[ ransomware, malware ]
Online gambling operator BetUS is the latest target of the Maze ransomware gang.
-
Unnamed medical device packaging company
March 29, 2020
•
[ hack, insider, manufacturing ]
Christopher Dobbins has been sentenced to federal prison for hacking his former employer and sabotaging their electronic shipping records, causing more than $200,000 in damage and delaying the shipment of personal protective equipment.
-
Teaching Council
March 28, 2020
A phishing incident at the Teaching Council leads to personal information relating to 9,735 teachers being shared.
-
-
Social Bluebook
March 27, 2020
•
[ hack, technology ]
Social Bluebook, a Los Angeles-based company that allows advertisers to pay social media "influencers" for posts that promote their products and services, is hacked.
-
TBG West Insurance
March 27, 2020
A filing from Cadwalader, Wickersham & Taft reveals that one of its vendors, TBG West Insurance, was hit with a ransomware attack on March 2020.
-
집꾸미기
March 27, 2020
In March 2020, the Korean interior decoration website ???? (Decorating the House) suffered a data breach which impacted almost 1.3 million members. Served via the URL ggumim.co.kr, the exposed data included email addresses, names, usernames and phone numbers, all of which was subsequently shared extensively throughout online hacking communities. The data was provided to HIBP by breachbase.pw.
-
Glofox
March 27, 2020
•
[ leak, misconfiguration, technology ]
In March 2020, the Irish gym management software company Glofox suffered a data breach which exposed 2.3M membership records. The data included email addresses, names, phone numbers, genders, dates of birth and passwords stored as unsalted MD5 hashes.
-
Indian State Tax Office
March 26, 2020
•
[ hack, government ]
A hacker having the handle "Bassterlord", claims to have Admin access to an Indian State Tax office's network on a Russian hacking forum,
-
Kimchuk
March 26, 2020
•
[ ransomware, malware, manufacturing ]
Kimchuk, a medical and military electronics maker, is hit by the DoppelPaymer ransomware