-
Color Dating
September 5, 2018
•
[ hack, misconfiguration, technology ]
In September 2018, the dating app to match people with different ethnicities Color Dating suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 220k unique email addresses along with bios, names, profile photos and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "ANK (Veles)".
-
Knuddels
September 5, 2018
•
[ leak, misconfiguration, technology ]
In September 2018, the German social media website Knuddels suffered a data breach. The incident exposed 808k unique email addresses alongside usernames, real names, the city of the person and their password in plain text. Knuddels was subsequently fined 20k for the breach.
-
Boa Vista SCPC
September 4, 2018
•
[ hack, finance ]
Brazilian credit bureau Boa Vista SCPC investigates a possible hack, after a group of hackers called Fatal Error claimed it accessed the database of the company which has more than 350M personal data.
-
Mega
September 4, 2018
The official Chrome extension for the MEGA.nz file sharing service is compromised with malicious code that steals usernames and passwords, but also private keys for cryptocurrency accounts.
-
Hoopeston Area School District
September 3, 2018
•
[ hack, education ]
The Hoopeston Area School District website is hacked with pictures and repeated emergency callout messages to district families.
-
South African Department of Labour
September 3, 2018
•
[ hack, ddos, government ]
The South African Department of Labour confirms a DDoS attack which disrupted the government agency's website.
-
EscortReviews
September 1, 2018
•
[ hack, misconfiguration, technology ]
An online community promoting female escorts and reviews of their services has suffered a data breach after a hacker downloaded the site's database. The site ran vBulletin 3.8.9, which has known vulnerabilities that could allow attackers to breach the site. It is unknown if the forum was hacked using one of these vulnerabilities or if the site left an unsecured backup of the database online.
-
Town of Midland
September 1, 2018
•
[ ransomware, malware, government ]
The small Canadian town of Midland, Ontario plans to pay off a $35,000 ransom to the malicious actors who shut down the municipalities computer system with a ransomware attack.
-
Multiplayer.it
September 1, 2018
In April 2024, over half a million records taken from the Italian gaming website Multiplayer.it were posted to a popular hacking forum. The impacted data included email addresses, usernames and salted MD5 password hashes. Multiplayer.it subsequently confirmed the breach dated back 6 years to September 2018 and was merely re-posted in 2024.
-
Patria Bank
August 30, 2018
Researchers from NetScout Arbor reveal the details of a new campaign carried out by the Cobalt Group via spear phishing. One of the targets is Patria Bank.
-
C&A
August 30, 2018
•
[ leak, retail ]
The Brazilian operation of international fashion retail clothing chain C&A confirms a cyberattack to its gift card platform. Data from 36,000 customers who purchased gift cards is leaked on Pastebin.
-
Family Orbit
August 30, 2018
•
[ hack, leak, misconfiguration ]
An anonymous hacker is able to find the key to the cloud servers of Family Orbit and leaks 281 Gb of pictures and videos.
-
NS Bank
August 30, 2018
•
[ financial, finance, phishing ]
Researchers from NetScout Arbor reveal the details of a new campaign carried out by the Cobalt Group via spear phishing. One of the targets is NS Bank.
-
University of Missouri
August 29, 2018
•
[ social, phishing, education ]
The University of Missouri suspends email delivery after a Missouri State Democratic Party email seeking interns helps jumpstart a phishing attempt.
-
Cloquet School District
August 29, 2018
•
[ ransomware, malware, education ]
Cloquet school district is hit by a ransomware attack second time in the past three years.
-
University of Oregon
August 29, 2018
•
[ social, phishing, education ]
University of Oregon is target of a phishing campaign.
-
Air Canada
August 29, 2018
•
[ hack, misconfiguration ]
Air Canada says the personal information for about 20,000 customers "may potentially have been improperly accessed" via a breach in its mobile app, so the company has locked down all 1.7 million accounts as a precaution until customers change their passwords.
-
West Vancouver
August 28, 2018
•
[ hack, malware, government ]
West Vancouver warns thousands of its residents after discovering hackers installed malicious software on the district server used to store personal information collected through its website. The attack was discovered on July 31.
-
Huazhu Group Ltd.
August 28, 2018
Shanghai police launches an investigation into the alleged massive data breach of Huazhu Group Ltd., one of China's largest hotel operators. An online post emerges, containing nearly 500 million pieces of information related to the hotel group's customers.
-
TheTruthSpy
August 28, 2018
•
[ hack, malware, technology ]
A hacker breaks into the servers of TheTruthSpy, one of the most notorious stalkerware companies out there, and stole logins, audio recordings, pictures, and text messages, among other data. The breach occurred on February 2018.
