-
Jeffree Star
December 10, 2017
•
[ hack, leak, insider ]
Jeffree Star is the victim of a data hack, after a member of staff at cosmetics store Sephora allegedly hacks into his account and leaks sensitive information about his spending habits.
-
Perth Airport
December 10, 2017
A Vietnamese man, Le Duc Hoang Hai, is arrested for stealing sensitive security details and building plans from Perth Airport after breaking into its computer systems. The hack happened in March last year, and was carried out using the credentials of a third-party contractor.
-
PetFlow
December 9, 2017
•
[ leak, misconfiguration, retail ]
In December 2017, the pet care delivery service PetFlow suffered a data breach, and the data subsequently appeared for sale on a dark web marketplace. Almost 1M accounts were impacted, exposing email addresses and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "nano@databases.pw".
-
Israel
December 8, 2017
•
[ leak, hack, government ]
In the name of #OpIsrael and #OpUSA, hacktivists from the Anonymous Collective leak online names, emails, and passwords of Israeli public employees and share a list of US government sites to target, calling for action against them.
-
Road Sign near North Central Expressway in Dallas
December 8, 2017
•
[ hack, government ]
A traffic sign near North Central Expressway in Dallas is hacked and defaced with an obscene message against the President of the United States Donald Trump and his voters.
-
Village of Nashotah
December 7, 2017
•
[ ransomware, malware, government ]
The Village of Nashotah pays an unidentified hacker a $2,000 ransom to decrypt its computer system after a hack in late November.
-
Clarion University
December 7, 2017
•
[ social, phishing, education ]
Clarion University employees are notified after two employees fall victim to a phishing attack.
-
Sinai Health System
December 7, 2017
•
[ social, phishing, healthcare ]
At least two employees at Sinai Health System had their email accounts compromised in a phishing incident, potentially affecting the information of 11,350 people.
-
piZap
December 7, 2017
In approximately December 2017, the online photo editing site piZap suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in February 2019. A total of 42 million unique email addresses were included in the breach alongside names, genders and links to Facebook profiles when the social media platform was used to authenticate to piZap. When accounts were created directly on piZap without using Facebook for authentication, passwords stored as SHA-1 hashes were also exposed. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
-
Netshoes
December 7, 2017
In December 2017, the online Brazilian retailer known as Netshoes had half a million records allegedly hacked from their system posted publicly. The company was contacted by local Brazilian media outlet Tecmundo and subsequently advised that no indications have been identified of an invasion of the company's systems. However, Netshoes' own systems successfully confirm the presence of matching identifiers and email addresses from the data set, indicating a high likelihood that the data originated from them.
-
Oromia Media Network
December 6, 2017
•
[ espionage, malware, technology ]
A threat actor targeted Ethiopian dissidents for the purpose of espionage, using commercially available spyware sold by Cyberbit, an Israel-based company. Most notably, the actor targeted the Oromia Media Network and some individuals associated with it.
-
Henry Ford Health System
December 6, 2017
Roughly 18,500 patients at Henry Ford Health System have possibly had their personal information stolen in a data breach that occurred in early October after the email credentials of a group of employees were stolen.
-
NiceHash
December 6, 2017
Bitcoin mining platform and exchange NiceHash is hacked and forced to suspend operations for 24 hours after cyber criminals make off with $68 million worth of BTC.
-
Royal National Institute for the Blind (RNIB)
December 6, 2017
•
[ financial, healthcare ]
Police launch an investigation after 817 people report fraud attempts following a breach of the Royal National Institute for the Blind (RNIB) web store that occurred on November 16th.
-
Baptist Health Louisville
December 5, 2017
•
[ social, phishing, healthcare ]
Baptist Health Louisville notifies 880 patients of a phishing incident that occurred in early October.
-
Colorado Center for Reproductive Medicine Minneapolis
December 5, 2017
•
[ ransomware, malware, healthcare ]
Colorado Center for Reproductive Medicine Minneapolis warns customers that, in the wake of a ransomware attack that occurred in October 2017, an unauthorized third party may have breached the clinic's computer security and viewed or accessed patient information that was on the server.
-
Netshoes
December 5, 2017
Data of 17,908 customers of Brazilian retailer Netshoes is dumped on Pastebin.
-
Warwick Rowers
December 5, 2017
•
[ hack, ddos, education ]
The website of a naked charity calendar featuring male rowers at Warwick University is taken down by a DDoS attack after having allegedly offended Russia's "gay propaganda" laws.
-
ai.type
December 5, 2017
•
[ leak, misconfiguration, technology ]
In December 2017, the virtual keyboard application ai.type was found to have left a huge amount of data publicly facing in an unsecured MongoDB instance. Discovered by researchers at The Kromtech Security Center, the 577GB data set included extensive personal information including over 20 million unique email addresses, social media profiles and address book contacts. The email addresses alone were provided to HIBP to enable impacted users to assess their exposure.
-
dvd-shop.ch
December 5, 2017
•
[ leak, misconfiguration, retail ]
In December 2017, the online Swiss DVD store known as dvd-shop.ch suffered a data breach. The incident led to the exposure of 68k email addresses and plain text passwords. The site has since been updated to indicate that it is currently closed.