-
Adapt
November 5, 2018
•
[ leak, misconfiguration, technology ]
In November 2018, security researcher Bob Diachenko identified an unprotected database hosted by data aggregator "Adapt". A provider of "Fresh Quality Contacts", the service exposed over 9.3M unique records of individuals and employer information including their names, employers, job titles, contact information and data relating to the employer including organisation description, size and revenue. No response was received from Adapt when contacted.
-
WPSandbox
November 4, 2018
•
[ leak, phishing, technology ]
In November 2018, the WordPress sandboxing service that allows people to create temporary websites WP Sandbox discovered their service was being used to host a phishing site attempting to collect Microsoft OneDrive accounts. After identifying the malicious site, WP Sandbox took it offline, contacted the 858 people who provided information to it then self-submitted their addresses to HIBP. The phishing page requested both email addresses and passwords.
-
Società Italiana degli Autori ed Editori
November 3, 2018
In November 2018, the Societ Italiana degli Autori ed Editori (Italian Society of Authors and Publishers, or SIAE) was hacked, defaced and almost 4GB of data leaked publicly via Twitter. The data included over 14k registered users' names, email addresses and passwords.
-
Society of Authors and Publishers
November 2, 2018
AnonPlus hacks the website of the Italian Society of Authors and Publishers (SIAE) and leak 4Gb of data.
-
ASI Computer Systems
November 2, 2018
•
[ hack, technology ]
ASI Computer Systems notifies some of their customers after discovering that usernames and passwords on a support web site had been hacked prior to December 2016.
-
Saffire Freycinet
November 2, 2018
•
[ hack, retail ]
Guests of two Tasmania's luxury hotels are notified that their personal data may have been accessed by an unauthorised third party.
-
HSBC
November 2, 2018
•
[ hack, finance ]
Attackers gain access to some customer's information in HSBC, such as account numbers, balances, addresses, transaction history, etc.. The attack hits about 1% of U.S. accounts and occurred between October 4, 2018 and October 14, 2018.
-
Ingerop
November 2, 2018
•
[ hack, leak, manufacturing ]
Hackers access confidential documents about nuclear plants and prisons in a cyberattack on the French Ingerop and leak 65Gb of data. The attack occurred back in June.
-
Five Guys
November 2, 2018
•
[ social, phishing, retail ]
Five Guys notifies employees of data breach after an employee falls victim for a phishing attack.
-
Kitronik
November 2, 2018
•
[ hack, malware, retail ]
Educational electronics outlet Kitronik is the latest victim of the Magecart gang. The hack occurred between August and September.
-
Austal
November 1, 2018
•
[ ransomware, manufacturing ]
Australian defence shipbuilder Austal is the victim of a data breach and an extortion attempt. The attackers gain access to ship designs and to some staff email addresses and mobile phone numbers. Fingers point to Iran.
-
Episcopal Health Services
November 1, 2018
•
[ hack, phishing, healthcare ]
Episcopal Health Services notifies patients after employee email accounts are hacked.
-
Healthcare
November 1, 2018
•
[ insider, healthcare ]
Colbi Trent Defiore, an employee at a Virginia tech company, has been sent to prison for stealing PII from Healthcare.gov customers. Defiore improperly accessed the Healthcare.gov database several times in November 2018 and used the stolen information to commit fraud.
-
St. Francis Xavier University
November 1, 2018
•
[ financial, malware, education ]
Canadian St. Francis Xavier University shuts down the entire network following a cryptojacking attack which attempted to use its systems' computing power to mine for Bitcoin.
-
Tallahassee Memorial Hospital
November 1, 2018
Tallahassee Memorial Hospital reports the information of job applicants who applied to the facility may be at risk after a breach at Jobscience, a recruiting firm it uses.
-
Radisson Hotel Group
October 31, 2018
•
[ leak, retail ]
The hotel chain Radisson Hotel Group suffered a security breach that exposed personal information of the members of its loyalty scheme. The incident happened on September 11, but was identified only on October first.
-
NorthBay Healthcare Corporation
October 31, 2018
•
[ leak, healthcare ]
NorthBay Healthcare Corporation suffers a data breach affecting the information of everyone who applied for a position within the organization between December 2012 and May 2018.
-
FIFA
October 30, 2018
•
[ hack ]
FIFA acknowledges that its computer systems were hacked earlier in March, for the second time, and officials from European soccer's governing body fear they also might have suffered a data breach.
-
Elasticsearch Instance of Sales Leads on AWS
October 29, 2018
In October 2018, security researcher Bob Diachenko identified multiple exposed databases with hundreds of millions of records. One of those datasets was an Elasticsearch instance on AWS containing sales lead data and 5.8M unique email addresses. The data contained information relating to individuals and the companies they worked for including their names, email addresses and company name and contact information. Despite best efforts, it was not possible to identify the owner of the data hence this breach as been titled "Elasticsearch Sales Leads".
-
70 Gabon Government Websites
October 28, 2018
•
[ hack, ddos, government ]
The hacktivist group Anonymous takes down 70 Gabon government websites as part of its "anti-dictatorships" campaign.