-
City of Tyler
September 11, 2018
•
[ hack, government ]
The city of Tyler is the latest victim of the Click2Gov payment system breach.
-
University of Louisville
September 11, 2018
•
[ hack, education ]
Nearly 250 University of Louisville faculty and staff enrolled between 2007 and 2014 have their personal info stolen through the "Get Healthy Now" program.
-
Kayo.moe Credential Stuffing List
September 11, 2018
In September 2018, a collection of almost 42 million email address and plain text password pairs was uploaded to the anonymous file sharing service kayo.moe. The operator of the service contacted HIBP to report the data which, upon further investigation, turned out to be a large credential stuffing list. For more information, read about The 42M Record kayo.moe Credential Stuffing Data.
-
DEOSGames
September 10, 2018
•
[ financial, technology ]
Betting platform DEOSGames is drained of a significant chunk of its operating funds in a heist that netted one 'lucky' punter almost $24,000.
-
FreshMenu
September 10, 2018
•
[ hack, retail ]
The Indian online food platform FreshMenu admits to have hidden a data breach affecting 110K users for two years. The data breach happened on July 1, 2016.
-
C-CEX
September 9, 2018
•
[ hack, finance ]
Cryptocurrency exchange C-CEX is hacked. The attackers are successfully able to withdraw all Litecoin (LTC) and Dogecoin (DOGE) from company servers.
-
U.S. Department of State
September 7, 2018
•
[ leak, government ]
The State Department suffers a breach of its unclassified email system, and the compromise exposes the personal information of a small number of employees.
-
British Airways
September 6, 2018
British Airways notifies authorities, after being hacked between August 21 and September 5, with 380,000 payments compromised.
-
Mammoth Screen
September 6, 2018
•
[ hack ]
A threat actor targeted Mammoth Screen, a UK production company that produced Opposite Number, a television drama set in North Korea.
-
Cork City Park by Phone
September 6, 2018
•
[ leak ]
A data breach at Cork City Park by Phone service in Ireland affects more than 5,000 people. The unauthorized access started in May.
-
Rousseau
September 5, 2018
•
[ leak, government ]
Rousseau, the online platform of the Italian Five Star Movement is hacked again by rogue0, who leaks private data related to the donors.
-
Color Dating
September 5, 2018
•
[ hack, misconfiguration, technology ]
In September 2018, the dating app to match people with different ethnicities Color Dating suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 220k unique email addresses along with bios, names, profile photos and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "ANK (Veles)".
-
Knuddels
September 5, 2018
•
[ leak, misconfiguration, technology ]
In September 2018, the German social media website Knuddels suffered a data breach. The incident exposed 808k unique email addresses alongside usernames, real names, the city of the person and their password in plain text. Knuddels was subsequently fined 20k for the breach.
-
Boa Vista SCPC
September 4, 2018
•
[ hack, finance ]
Brazilian credit bureau Boa Vista SCPC investigates a possible hack, after a group of hackers called Fatal Error claimed it accessed the database of the company which has more than 350M personal data.
-
Mega
September 4, 2018
The official Chrome extension for the MEGA.nz file sharing service is compromised with malicious code that steals usernames and passwords, but also private keys for cryptocurrency accounts.
-
Hoopeston Area School District
September 3, 2018
•
[ hack, education ]
The Hoopeston Area School District website is hacked with pictures and repeated emergency callout messages to district families.
-
South African Department of Labour
September 3, 2018
•
[ hack, ddos, government ]
The South African Department of Labour confirms a DDoS attack which disrupted the government agency's website.
-
EscortReviews
September 1, 2018
•
[ hack, misconfiguration, technology ]
An online community promoting female escorts and reviews of their services has suffered a data breach after a hacker downloaded the site's database. The site ran vBulletin 3.8.9, which has known vulnerabilities that could allow attackers to breach the site. It is unknown if the forum was hacked using one of these vulnerabilities or if the site left an unsecured backup of the database online.
-
Town of Midland
September 1, 2018
•
[ ransomware, malware, government ]
The small Canadian town of Midland, Ontario plans to pay off a $35,000 ransom to the malicious actors who shut down the municipalities computer system with a ransomware attack.
-
Multiplayer.it
September 1, 2018
In April 2024, over half a million records taken from the Italian gaming website Multiplayer.it were posted to a popular hacking forum. The impacted data included email addresses, usernames and salted MD5 password hashes. Multiplayer.it subsequently confirmed the breach dated back 6 years to September 2018 and was merely re-posted in 2024.