-
Prime Staff Inc.
December 4, 2018
•
[ hack ]
Prime Staff Inc. joins the list of the companies hacked by TheDarkOverlord. Thousands of employees' files are stolen.
-
Caribbean Island Properties
December 4, 2018
•
[ hack ]
Caribbean Island Properties is hacked by TheDarkOverlord.
-
Ukraine Telecommunications Network
December 4, 2018
•
[ espionage, hack, technology ]
The Security Service of Ukraine (SBU) reveals to have stopped a "massive" cyberattack against the country's telecommunications network, and blames the Kremlin for the attempted hack.
-
Czech Ministry of Defense
December 3, 2018
•
[ espionage, hack, government ]
The Czech Security Intelligence Service (BIS) says that two Russian-linked cyber-espionage groups have hacked into the Czech Republic's government networks during 2016 and 2017.
-
OppoSuits
December 3, 2018
•
[ financial, hack, leak ]
Customers of Dutch clothing company OppoSuits are warned to monitor their credit card accounts after the firm discovers the Magecart malware planted on its website could have stolen the details of 7,000 customers.
-
Cancer Treatment Centers of America
December 3, 2018
•
[ social, phishing, healthcare ]
Cancer Treatment Centers of America notifies almost 42,000 patients of possible access to their protected health information after a phishing attack occurred on May 2 and discovered on September 26.
-
Quora
December 3, 2018
Quora announces that one of their systems was hacked on November 30, and has led to the exposure of approximately 100 million user's data to an unauthorized third-party.
-
Window to the World Communications
December 1, 2018
•
[ hack, education ]
Investigations by a law firm and forensic accounting firm determined that emails and personal information of approximately 40 staffers were hacked between December 2018 and August 2020.
-
Chinese citizens
December 1, 2018
•
[ ransomware, malware, technology ]
Over 100,000 computers in China are infected in just a few days by the 'WeChat Ransom' ransomware.
-
Palermo Calcio
December 1, 2018
•
[ leak ]
The Italian Football Team Palermo Calcio reveals to have suffered an intrusion with the consequent leak of fake news about the imminent sale of the team.
-
Dubsmash
December 1, 2018
•
[ leak, misconfiguration, technology ]
In December 2018, the video messaging service Dubsmash suffered a data breach. The incident exposed 162 million unique email addresses alongside usernames and PBKDF2 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".
-
Fotolog
December 1, 2018
In December 2018, the photo sharing social network Fotolog suffered a data breach that exposed 16.7 million unique email addresses. The data also included usernames and unsalted SHA-256 password hashes. The site was dissolved the following year and repurposed as a news website based in Brcko, Bosnia and Herzegovina.
-
1-800-FLOWERS
November 30, 2018
The Canadian operations of 1-800-FLOWERS discloses a four-year data breach affecting customers who purchased goods on its website. An unauthorized actor gained access to customers' payment card data from Aug. 15, 2014 through Sept. 15, 2018.
-
Ames Parking Ticket Payment System
November 30, 2018
•
[ hack, malware, government ]
The data breach to Click2Gov online payment system might have exposed information on 4,600 people who used Ames, Iowa, online ticket payment system between Aug. 10 to Nov. 19, 2018.
-
Marriott International
November 30, 2018
The records of 500 million customers of the hotel group Marriott International are compromised. In particular the guest reservation database of its Starwood division has been compromised by an unauthorised party since 2014.
-
Sotheby's
November 30, 2018
•
[ financial, malware, retail ]
Sotheby's Home website is the latest casualty of Magecart after a breach sees card-skimming code deployed by the cyber criminals.
-
Technic Forums
November 30, 2018
•
[ hack ]
Technic Forums is compromised by an unknown third-party.
-
Technic
November 30, 2018
In November 2018, the Minecraft modpack platform known as Technic suffered a data breach. Technic promptly disclosed the breach and advised that the impacted data included over 265k unique users' email and IP addresses, chat logs, private messages and passwords stored as bcrypt hashes with a work factor of 13. Technic self-submitted the breach to HIBP.
-
Dunkin' Donuts
November 29, 2018
•
[ hack, brute-force, retail ]
Dunkin' Donuts informs some of its DD Perks program members that their account information may have been exposed through a credential stuffing attack. The incident was discovered on October 31, 2018.
-