Full List

Search

Recent Breaches

• Davos in the Desert October 22, 2018 • [ hack, finance ] The website of the Saudi Arabian investment conference, referred to as "Davos in the Desert", is defaced with anti-Saudi messages, to protest against the death of journalist Jamal Khashoggi.
• Trade October 21, 2018 Cryptocurrency exchange Trade.io reveals a security breach: an unknown party withdraws over 50 million Trade tokens (TIO), worth over $7.5 million, from its cold storage wallets.
• GoldSilver October 21, 2018 • [ leak, misconfiguration, finance ] In October 2018, the bullion education and dealer services site GoldSilver suffered a data breach that exposed 243k unique email addresses spanning customers and mailing list subscribers. An extensive amount of personal information on customers was obtained including names, addresses, phone numbers, purchases and passwords and answers to security questions stored as MD5 hashes. In a small number of cases, passport, social security numbers and partial credit card data was also exposed. The data breach and source code belonging to GoldSilver was publicly posted on a dark web service where it remained months later. When notified about the incident, GoldSilver advised that "all affected customers have been directly notified".
• 8 Adult Websites October 20, 2018 Eight poorly secured websites are hacked, exposing megabytes of personal data. 1.2 million users are exposed.
• Catawba Valley Medical Center October 19, 2018 • [ social, phishing, healthcare ] Catawba Valley Medical Center notifies patients of a phishing email incident occurred on August 13, 2018.
• Healthcare October 19, 2018 The Centers for Medicare & Medicaid Services (CMS) announces that Healthcare.gov, the federally operated health insurance marketplace, has suffered a data breach. The CMS believes files for as many as 75,000 people were accessed.
• Indiana National Guard October 18, 2018 • [ ransomware, malware, government ] The Indiana National Guard reports that a non-military server that contains the personal information of civilian and military personnel is hit with ransomware.
• City of Muscatine October 17, 2018 The City of Muscatine is hit with a ransomware attack on October 17. Financial and other servers are affected.
• Facepunch October 17, 2018 • [ leak, technology ] As reported by Troy Hunt's Have I Been Pwned breach notification service, the Facepunch game studio was the victim of a data breach in June 2016 which led to sensitive information of 396,650 users being exposed.
• Vesta Control Panel (VestaCP) October 17, 2018 • [ hack, malware, technology ] Vesta Control Panel, the provider of an open-source hosting panel software reveals a security breach during which an unknown hacker contaminated the project's source code with malware. The malicious code was added on May 31, this year, and later removed two weeks later, on June 13.
• A primary company in the Italian naval industry October 17, 2018 • [ espionage, malware, manufacturing ] Researchers from Yoroi discover a new targeted campaign against one of the most important companies in the Italian naval industry. The malware is dubbed MartyMcFly.
• City of West Haven October 16, 2018 • [ ransomware, malware, government ] The City of West Haven pays $2,000 after having 23 of its servers encrypted from a ransomware attack.
• Eatigo October 16, 2018 • [ leak, misconfiguration, technology ] In October 2018, the restaurant reservation service Eatigo suffered a data breach that exposed 2.8 million accounts. The data included email addresses, names, phone numbers, social media profiles, genders and passwords stored as unsalted MD5 hashes.
• EOSBet October 15, 2018 Hackers are believed to have stolen $338,000 worth of EOS cryptocurrency from blockchain-powered gambling dApp EOSBet.
• Onslow Water and Sewer Authority (ONWASA) October 13, 2018 • [ ransomware, malware, government ] The Onslow Water and Sewer Authority (ONWASA) is hit by a targeted ransomware attack carried out via Ryuk.
• Henderson School District October 12, 2018 • [ financial, phishing, education ] The Henderson school district in Texas is hit with a business email compromise (BEC) attack resulting in a $600,000 loss for the district. The attack took place on September, 26th.
• Pluto TV October 12, 2018 In October 2018, the internet television service Pluto TV suffered a data breach which was then shared extensively in hacking communities. Pluto TV "decided not to proactively inform users of the breach" which contained 3.2M unique email and IP addresses, names, usernames, genders, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
• Sodexo Motivation Solutions October 10, 2018 • [ hack, malware ] Sodexo Motivation Solutions' internal IT systems are hit by malware and as a consequence the Sodexo Engage's website lifestylehub.co.uk is pulled offline.
• Morele.net October 10, 2018 In October 2018, the Polish e-commerce website Morele.net suffered a data breach. The incident exposed almost 2.5 million unique email addresses alongside phone numbers, names and passwords stored as md5crypt hashes.
• Minnesota Department of Human Services October 9, 2018 • [ social, phishing, government ] The Minnesota Department of Human Services falls victim to a phishing email scam. The attackers accessed the information of approximately 21,000 individuals in two incidents back in June and July.