Full List

Search

Recent Breaches

• Timehop July 8, 2018 Timehop discloses a security breach that has compromised the personal data of 21 million users (essentially its entire user base). Around a fifth of the affected users have also had a phone number that was attached to their account breached in the attack.
• Bookmate July 8, 2018 In mid-2018, the social ebook subscription service Bookmate was among a raft of sites that were breached and their data then sold in early-2019. The data included almost 4 million unique email addresses alongside names, genders, dates of birth and passwords stored as salted SHA-512 hashes. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".
• Blizzard Entertainment July 7, 2018 • [ hack, ddos, technology ] Blizzard Entertainment is hit by a DDoS attack. Players of Overwatch, Heroes of the Storm, and World of Warcraft are affected.
• Australian National University July 6, 2018 • [ hack, espionage, education ] China-based hackers have successfully infiltrated the IT systems at the Australian National University, potentially compromising the home of Australia's leading national security college and key defence research projects.
• VSDC July 6, 2018 Research from Qihoo 360 Total Security reveal that hackers have breached the website of VSDC, a popular company that provides free audio and video conversion and editing software. Three different incidents have been recorded during which hackers changed the download links on the VSDC website with links that initiated downloads from servers operated by the attackers.
• B&B Hospitality Group July 6, 2018 • [ financial, retail ] B&B Hospitality Group (B&BHG) announces that it has identified and addressed a payment card security incident that affected nine restaurants in the New York metropolitan area.
• Lake Oswego School District July 6, 2018 Lake Oswego School District warns students about a phishing email after the District Twitter account and an employee email accounts are hacked.
• Yatra July 5, 2018 Online travel booking website Yatra.com is compromised and attackers steal 5 million user records that include email address & physical addresses, phone numbers & plain text passwords & PINs. The breach happened back in 2013, and it came to light now.
• MSK Group July 5, 2018 • [ hack, healthcare ] MSK Group notifies patients of a data security incident that they discovered on May 7, due to an unauthorized access to certain parts of the network at times over several month.
• 500px July 5, 2018 In mid-2018, the online photography community 500px suffered a data breach. The incident exposed almost 15 million unique email addresses alongside names, usernames, genders, dates of birth and either an MD5 or bcrypt password hash. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".
• Stronghold Kingdoms July 4, 2018 • [ leak, misconfiguration, technology ] In July 2018, the massive multiplayer online game Stronghold Kingdoms suffered a data breach. Almost 5.2 million accounts were impacted by the incident which exposed emails addresses, usernames and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
• Taiwan Democratic Progressive Party's (DPP) July 3, 2018 • [ hack, misconfiguration, government ] The Democratic Progressive Party's (DPP) official website is defaced by Chinese hackers and the website is replaced with pictures and words reading "Chinese netizens are supporting Tsai Ing-wen to run for re-election" in simplified Chinese characters.
• Domain Factory July 3, 2018 German hosting provider Domain Factory experiences a data breach which has exposed customer data. After an unknown threat actor posts claims that suggest they had managed to compromise the firm's systems and access information, the company launches an investigation.
• Israeli Military July 3, 2018 The Israeli military say it had uncovered a plot by Hamas militants to spy on soldiers by befriending them on social media and then luring them into downloading fake dating applications that gave Hamas access to their smartphones.
• Whitbread July 2, 2018 • [ hack, technology ] Whitbread's online recruitment system has suffered a data breach, affecting a number of the company's brands including Premier Inn, and the UK outlets of Costa Coffee. The breach is a consequence of the attack to PageUp.
• Fortnum & Mason July 2, 2018 • [ leak, misconfiguration, retail ] Luxury retailer Fortnum & Mason is the latest big brand to be involved in a significant data breach after the company admits the details of around 23,000 competition and survey participants have been compromised in the wake of the Typeform breach.
• BtcTurk July 1, 2018 • [ leak, finance ] Major Turkish crypto exchange BtcTurk confirms a data breach from mid-2018 that leaked sensitive information of over 500,000 users.
• Trezor July 1, 2018 • [ social, phishing, finance ] The team behind the Trezor multi-cryptocurrency wallet service discovers a phishing attack against some of its users that took place over the weekend, carried on via DNS poisoning or BGP hijacking.
• 8fit July 1, 2018 • [ leak, healthcare ] In July 2018, the health and fitness service 8fit suffered a data breach. The data subsequently appeared for sale on a dark web marketplace in February 2019 and included over 15M unique email addresses alongside names, genders, IP addresses and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
• Zoomcar July 1, 2018 In July 2018, the Indian self-drive car rental company Zoomcar suffered a data breach which was subsequently sold on a dark web marketplace in 2020. The breach exposed over 3.5M records including names, email and IP addresses, phone numbers and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.