-
Comodo
July 27, 2019
•
[ hack, misconfiguration, technology ]
A hacker gain access to internal files and documents owned by security company and former SSL certificate issuer Comodo by using an email address and password mistakenly exposed on the internet (GitHub).
-
ProtonMail
July 27, 2019
ProtonMail reveals that Reporters investigating Russian military intelligence have been targeted by highly sophisticated cyberattacks through their encrypted email accounts, with evidence suggesting Moscow was responsible.
-
Club Penguin Rewritten (July 2019)
July 27, 2019
•
[ hack, technology ]
In July 2019, the children's gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney's Club Penguin game). In addition to an earlier data breach that impacted 1.7 million accounts, the subsequent breach exposed 4 million unique email addresses alongside IP addresses, usernames and passwords stored as bcrypt hashes.
-
Anson County
July 26, 2019
The Anson County website is defaced with offensive images.
-
Puerto Rico Women And Children's Hospital
July 26, 2019
•
[ ransomware, malware, healthcare ]
Bayamn Medical Center and its affiliated Puerto Rico Women And Children's Hospital are hit by a ransomware attack.
-
Georgia Capitol Police
July 26, 2019
The same attack also hits the State Capitol Police.
-
DNForum
July 26, 2019
•
[ hack, brute-force, technology ]
DNForum.com sends out password reset requests to its users after attempts to access the accounts.
-
-
-
Club Penguin Rewritten
July 26, 2019
•
[ insider, hack, leak ]
A disgruntled administrator leaves a backdoor in Club Penguin Rewritten (a kids' gaming website) that enabled hackers to steal login data for a little over 4 million accounts.
-
Lincoln County Sheriff's Office
July 26, 2019
•
[ ransomware, malware, government ]
Lincoln County Sheriff's Office is hit by a ransomware attack.
-
Georgia Motor Carrier Compliance Division
July 26, 2019
•
[ government ]
And the Georgia Capitol Police is the third victim of the same attack.
-
-
StockX
July 26, 2019
•
[ leak, misconfiguration, retail ]
In July 2019, the fashion and sneaker trading platform StockX suffered a data breach which was subsequently sold via a dark webmarketplace. The exposed data included 6.8 million unique email addresses, names, physical addresses, purchases and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.
-
Brazilian President Jair Bolsonaro
July 25, 2019
•
[ hack, government ]
The Brazilian Justice Ministry reveals that cellphones used by President Jair Bolsonaro were a target of cyber attacks.
-
City Power
July 25, 2019
•
[ ransomware, malware, energy ]
City Power, a major electricity supplier in South Africa's largest city has suffered a ransomware attack, leaving some residents without power. More than a quarter of a million people might have been affected.
-
Park DuValle Community Health Center
July 25, 2019
•
[ ransomware, malware, healthcare ]
Park DuValle Community Health Center is hit by a ransomware attack and pays hackers nearly $70,000 in hopes of unlocking the medical records of some 20,000 patients.
-
Bahrain's Electric and Water Authority
July 25, 2019
A threat actor broke into the systems of Bahrain's National Security Agency, Ministry of Interior, and office of the first deputy prime minister. On July 25, 2019, Bahraini authorities detected intrusions into its electric and water authority that shut down several systems. The attacks were similar to two hacks in 2012, in which the Shamoon virus was used to knock Qatar's natural gas firm RasGas offline and wipe data from the hard drives at Saudi Aramco, Saudi Arabia's national oil company. Iran is believed to be behind the attacks.
-
MGM Resorts (2022 Update)
July 25, 2019
In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017. In May 2022, a superset of the data totalling almost 25M unique email addresses across 142M rows was extensively shared on Telegram. On analysis, it's highly likely the data stems from the same incident with 142M records having been discovered for sale on a dark web marketplace in mid-2020. The exposed data included email and physical addresses, names, phone numbers and dates of birth.
-
MGM Resorts
July 25, 2019
•
[ hack, leak, misconfiguration ]
In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017. The exposed data included email and physical addresses, names, phone numbers and dates of birth and was subsequently shared on a popular hacking forum in February 2020 where it was extensively redistributed. The data was provided to HIBP by Under The Breach.
