-
Tarte Cosmetics
October 25, 2017
•
[ leak, misconfiguration, retail ]
Tarte Cosmetics exposes nearly two million customers' personal data to the public via two unsecured MongoDB databases. Unfortunately, the gang Cru3lty gets hold of the data and demands 0.2 Bitcoins to recover the database once the data has been deleted or encrypted.
-
Dell
October 24, 2017
•
[ hack, malware, manufacturing ]
KrebsOnSecurity reveals that a web site set up by PC maker Dell Inc. to help customers recover from malicious software (DellBackupandRecoveryCloudStorage.com) may have been hijacked for a few weeks this summer.
-
Fontanka
October 24, 2017
Using a tool called Bad Rabbit, a threat actor launched a ransomware operation that encrypted data on networks in Bulgaria, Japan, Russia, Turkey, and Ukraine. The operation is believed to have disrupted the Kiev metro system's payment network and delayed flights at Odessa's airport. In October 2018, the United Kingdom attributed this incident to Russian military intelligence.
-
Appleby
October 24, 2017
Appleby, a Bermuda law firm, admits to having been hacked, prompting fears of a Panama Papers-style exposé into the tax affairs of the super rich.
-
Basetools.ws
October 24, 2017
•
[ ransomware, technology ]
A hacker dubbed Mat, AKA @0xScripts, breaches Basetools.ws, an underground forum, and demands a $50K ransom to avoid sharing stolen data with law enforcement.
-
Coinhive
October 23, 2017
•
[ hack, malware, technology ]
The DNS records for coinhive.com are manipulated to redirect requests for coinhive.min.js to a third-party server hosting a modified version of the JavaScript file with a hardcoded site key, letting the attacker "steal" hashes from users.
-
Bukalapak
October 23, 2017
In March 2019, the Indonesian e-commerce website Bukalapak discovered a data breach of the organisation's backups dating back to October 2017. The incident exposed approximately 13 million unique email addresses alongside IP addresses, names and passwords stored as bcrypt and salted SHA-512 hashes. The data was provided to HIBP by a source who requested it to be attributed to "Maxime Thalet".
-
Czech Statistical Office (CSU)
October 21, 2017
•
[ hack, ddos, government ]
Two websites run by the Czech Statistical Office (CSU) are taken offline after a DDoS attack tries to disrupt reporting of the country's parliamentary elections.
-
Telitec
October 21, 2017
•
[ hack, ddos, technology ]
In the name of #OpCatalunya, Anonymous takes down several Spanish sites, including the Constitutional Court.
-
FirstHealth
October 20, 2017
•
[ ransomware, malware, healthcare ]
The network of FirstHealth is hit by WannaCry and forced to suspend operations.
-
Domino's Pizza
October 19, 2017
Domino's Australia investigates a potential breach of its computer systems after a number of customers received personalised spam emails from the pizza company. The company claims the breach happened to a "secondary supplier".
-
Griffin Funeral Home
October 18, 2017
•
[ hack, phishing ]
A sick hack: hackers take over the email account of Griffin Funeral Home, and send email scams to the company's customers, asking for money.
-
Chase Brexton Health Care
October 17, 2017
Chase Brexton Health Care notifies 16,562 patients after four employees fell for a phishing attack. The phishing emails were sent on August 2 and 3, and by August 4, the attackers had re-routed employees' paychecks.
-
London Bridge Plastic Surgery (LBPS)
October 17, 2017
The Dark Overlord hackers break into London Bridge Plastic Surgery, a high-profile, London-based plastic surgeon, and steal photos, including in-progress genitalia and breast enhancement.
-
Microsoft
October 17, 2017
•
[ hack, technology ]
According to five former employees, Microsoft Corp's secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago.
-
We Heart It
October 16, 2017
•
[ leak, technology ]
We Heart It, an image-sharing site, informs users their personal data may have been compromised. The breach, involving 8 million users, took place a few years ago and includes email addresses, usernames and encrypted passwords for We Heart It accounts created between 2008 and November 2013.
-
Bithumb
October 16, 2017
•
[ hack, finance ]
Local news publications and leading media outlets in South Korea reported that Bithumb, the world's largest cryptocurrency exchange by trading volume, suffered a security breach that affected 30,000 users on the trading platform.
-
Pizza Hut
October 15, 2017
•
[ hack, retail ]
Pizza Hut admits to having suffered a data breach, through which a hacker has stolen payment card details for a small number of clients.
-
Politifact
October 13, 2017
•
[ hack, malware, technology ]
Politifact, the Pulitzer Prize-winning website devoted to checking the factual accuracy of US politicians' words, appears to have been hacked so that it secretly mines cryptocurrency in visitors' browsers via CoinHive.
-
Public Transport Operator Vasttrafik
October 12, 2017
The Swedish Transport Agency (Transportstyrelsen) and public transport operator Vasttrafik are hit by a DDoS attack.