-
Collection #1
January 7, 2019
In January 2019, a large collection of credential stuffing lists (combinations of email addresses and passwords used to hijack accounts on other services) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billion records including 773 million unique email addresses alongside passwords those addresses had used on other breached services. Full details on the incident and how to search the breached passwords are provided in the blog post The 773 Million Record "Collection #1" Data Breach.
-
Linda Frum's Twitter account
January 6, 2019
•
[ hack, government ]
Conservative Senator Linda Frum's Twitter account is hacked. The attackers share personal information including her drivers license and post racial tweets.
-
Queensland EWN
January 5, 2019
•
[ hack, malware, government ]
A hacker gains unauthorized access to the Queensland EWN, or Early Warning Network, and used it to send a spam alert via SMS, landline, and email to the company's subscribers.
-
Resort Municipality of Whistler
January 5, 2019
•
[ hack, government ]
The Resort Municipality of Whistler (RMOW) is reporting that its municipal website, whistler.ca, has been breached.
-
German politicians
January 4, 2019
In what is immediately called "Hacker-Angriff" (Hacker Attack), someone publishes the personal details of hundreds of German politicians, artists and local YouTube celebrities. Few days later a 20-year-old German confesses to be the author of the attack.
-
Chaplaincy Health Care
January 4, 2019
•
[ social, phishing, healthcare ]
Chaplaincy Health Care offers free identity protection and credit monitoring to more than 1,000 people after an employee's email login credentials are compromised through an apparent phishing scheme.
-
Wichita State University
January 4, 2019
•
[ social, phishing, education ]
At least three employees of Wichita State University do not receive their paychecks after they fall victim of an e-mail phishing scheme.
-
Luas
January 3, 2019
The website of the tram operator Luas is taken down after a cyber attack. The author threatens to dump the records of about 3,000 if the ransom of 1 BTC ($3,843 worth) is not paid.
-
ixigo
January 3, 2019
•
[ leak, misconfiguration, technology ]
In January 2019, the travel and hotel booking site ixigo suffered a data breach. The data appeared for sale on a dark web marketplace the following month and included over 17M unique email addresses alongside names, genders, phone numbers, connections to Facebook profiles and passwords stored as MD5 hashes. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".
-
BlankMediaGames (BMG)
January 2, 2019
BlankMediaGames (BMG) admits that a hacker has stolen the personal details of 7.6 million users of browser-based game the "Town of Salem".
-
China Railway
January 2, 2019
•
[ leak, misconfiguration ]
Data thieves steal the personal information of nearly 5 million people from an unconfirmed number of Chinese online ticket reservation platforms, according to Beijing police, who arrested a suspect in the case.
-
Victorian government
January 1, 2019
•
[ leak, phishing, government ]
The work details of 30,000 Victorian public servants have been stolen in a data breach, after part of the Victorian Government directory was downloaded by an unknown party after an employee's email account is compromised.
-
Residential Mortgage Services, Inc.
January 1, 2019
•
[ social, phishing, finance ]
This cyber breach allegedly arose when a RMS employee clicked on a hyperlink in a phishing email that falsely appeared to originate from a RMS business partner. The RMS employee provided her email credentials to the malicious website opened by the hyperlink.
-
Volodymyr Zelenskiy website
January 1, 2019
•
[ hack, government ]
Hackers launch an attack on the website of showman Volodymyr Zelenskiy following the announcement of his candidacy for president on New Year's Eve.
-
Armor Games
January 1, 2019
•
[ hack, technology ]
In January 2019, the game portal website Armor Games suffered a data breach. A total of 10.6 million email addresses were impacted by the breach which also exposed usernames, IP addresses, birthdays of administrator accounts and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
-
Royal Enfield
January 1, 2019
•
[ leak, misconfiguration, automotive ]
In January 2020, motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. The impacted data included email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
-
Australian National University
January 1, 2019
•
[ hack, education ]
hacked
-
Bulgarian National Revenue Agency
January 1, 2019
•
[ hack, government ]
hacked
-
-
