Full List

Search

Recent Breaches

• MyHeritage June 4, 2018 • [ leak, healthcare ] MyHeritage, the genealogy website and DNA testing service, warns that the email addresses and hashed passwords of its customer database, approximately 92 million user accounts, have been found on a private server.
• Several Australian citizens June 2, 2018 • [ social, malware ] Several Australian citizens are the victims of a tech support scam, through which the attackers are able to take over their webcams and upload videos to YouTube.
• Holland Eye Surgery & Laser Center June 2, 2018 • [ hack, healthcare ] Holland Eye Surgery & Laser Center notifies 42,200 patients about a hack occurred in 2016.
• Shiawassee County June 2, 2018 • [ financial, social, phishing ] The Shiawassee County financial administrator resigns after being caught in a phishing scam and mistakenly wiring $50,000 to an overseas bank account.
• ZenCash June 2, 2018 • [ financial, finance ] ZenCash, an upcoming privacy coin, is the victim of a 51% attack.
• Buffalo Wild Wings June 1, 2018 • [ hack, phishing, retail ] A hacker manages to take control of the official Twitter account of Buffalo Wild Wings (@BWWings) and posts a number of crude and racist tweets, including one that claims to give out the "secret recipe" for the company's wings.
• The Rhode Island Department of Human Services June 1, 2018 • [ hack, malware, government ] Rhode Island officials say several state agencies are targeted by malware. The list of victims include: the Department of Children, Youth and Families, the Department of Human Services, and the Department of Behavioral Healthcare.
• Romwe June 1, 2018 • [ hack, retail ] In mid-2018, the Hong Kong-based retailer Romwe suffered a data breach which exposed almost 20 million customers. The data was subsequently sold online and includes names, phone numbers, email and IP addresses, customer geographic locations and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.
• SHEIN June 1, 2018 In June 2018, online fashion retailer SHEIN suffered a data breach. The company discovered the breach 2 months later in August then disclosed the incident another month after that. A total of 39 million unique email addresses were found in the breach alongside MD5 password hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
• Exactis June 1, 2018 • [ leak, misconfiguration, technology ] In June 2018, the marketing firm Exactis inadvertently publicly leaked 340 million records of personal data. Security researcher Vinny Troia of Night Lion Security discovered the leak contained multiple terabytes of personal information spread across hundreds of separate fields including addresses, phone numbers, family structures and extensive profiling data. The data was collected as part of Exactis' service as a "compiler and aggregator of premium business & consumer data" which they then sell for profiling and marketing purposes. A small subset of the exposed fields were provided to Have I Been Pwned and contained 132 million unique email addresses.
• Sooke School District May 31, 2018 The Sooke School District warns parents about a privacy invasion after an employee's email was hacked.
• Ticketfly May 31, 2018 In May 2018, the website for the ticket distribution service Ticketfly was defaced by an attacker and was subsequently taken offline. The attacker allegedly requested a ransom to share details of the vulnerability with Ticketfly but did not receive a reply and subsequently posted the breached data online to a publicly accessible location. The data included over 26 million unique email addresses along with names, physical addresses and phone numbers. Whilst there were no passwords in the publicly leaked data, Ticketfly later issued an incident update and stated that "It is possible, however, that hashed values of password credentials could have been accessed".
• Ticketfly May 30, 2018 The Ticketfly website is defaced with an image of V from the film V for Vendetta. Unfortunately, after refusing to pay a 1 BTC ransom, Ticketfly reveals that the personal information of 27 million accounts, including ticket buyers and venue operators, was compromised.
• Adult-FanFiction.Org May 30, 2018 • [ leak, misconfiguration, technology ] In May 2018, the website for sharing adult-orientated works of fiction known as Adult-FanFiction.Org had 186k records exposed in a data breach. The data contained names, email addresses, dates of birth and passwords stored as both MD5 hashes and plain text. AFF did not respond when contacted about the breach and the site was previously reported as compromised on the Vigilante.pw breached database directory.
• Harare Institute of Technology May 28, 2018 • [ leak, education ] A database from the Harare Institute of Technology is leaked, containing 3,500 users.
• Bank of Montreal May 28, 2018 Bank of Montreal, the country's fourth bank, announces to have been contacted by fraudsters claiming to have stolen personal and financial information of a limited number of the bank's customers. According to the bank, less than 50,000 c customers are affected.
• Canadian Imperial Bank of Commerce (CIBC) May 28, 2018 • [ leak, finance ] Also the Canadian Imperial Bank of Commerce (CIBC), the country's fifth largest bank is affected by the same incident, and they believe that 40,000 users could be possibly affected from its subsidiary Simplii Financial.
• Taylor Cryptocurrency May 28, 2018 • [ financial, hack, finance ] The creators of the Taylor cryptocurrency trading app claim that an unidentified hacker has stolen around $1.35 million worth of Ether from the company's wallets.
• Goliath and Goliath May 27, 2018 • [ financial, social, phishing ] Comedy and entertainment agency Goliath and Goliath suffered a loss of more than 300,000 ZAR (22,000 USD worth) in what appears to be a phishing scam.
• Afghan diplomats in Pakistan May 26, 2018 • [ espionage, phishing, government ] Afghan diplomats in Pakistan are warned they are believed to be victims of "government-backed" digital attacks trying to steal their email passwords.