-
Lanwar
July 28, 2018
•
[ leak, misconfiguration, technology ]
In July 2018, staff of the Lanwar gaming site discovered a data breach they believe dates back to sometime over the previous several months. The data contained 45k names, email addresses, usernames and plain text passwords. A Lanwar staff member self-submitted the breach to HIBP and has also contacted the relevant authorities about the incident after identifying a phishing attempt to extort Bitcoin from a user.
-
Government agency in the Middle East
July 27, 2018
•
[ espionage, malware, government ]
Researchers from Palo Alto Networks Unit 42 unveils a targeted attack against a government agency in the Middle East carried out by a threat actor dubbed DarkHydrus.
-
Kaiser Permanente
July 27, 2018
Kaiser Permanente's Health Innovations website is defaced by Dohaeragon.
-
Hudl football team
July 27, 2018
Coaches for the football team at Braden River (Bradenton, Fla.), are caught using a college Hudl account to access opponents' game and practice videos.
-
Prison-issued tablets
July 26, 2018
•
[ hack, financial, government ]
Idaho prison officials announce in a press release that they've identified 364 inmates who have exploited a vulnerability in their prison-issued tablets and have used it to assign nearly $225,000 worth of digital credits to their tablet accounts.
-
Yale University
July 26, 2018
Yale University notifies members of breach that took place between 2008 and 2009, when a threat actor managed to access a database and exfiltrate names, Social Security numbers, and dates of birth. The breach was discovered on June 16 this year.
-
KICKICO
July 26, 2018
KICKICO, an Initial Coin Offering (ICO) project suffers a security breach. Attackers access the private key of the smart contract and as a result, steal more than 70 million KickCoins which is around $7.7 million.
-
Blue Springs Family Care
July 26, 2018
•
[ ransomware, malware, healthcare ]
Healthcare provider Blue Springs Family Care discloses a ransomware attack resulting from an authorized access that may have also compromised 44,979 patients records.
-
COSCO
July 25, 2018
•
[ ransomware, malware ]
A ransomware attack severely disables the U.S. network of COSCO (China Ocean Shipping Company), one of the world's largest shipping companies.
-
City of Medford
July 25, 2018
•
[ leak, malware, government ]
1,842 Medford residents are impacted by a City of Medford data breach after the city's online utility billing service is infected with malware. The breaches happened between February 18th through March 14th and March 29th through April 16th.
-
Securities Investors Association Singapore (SIAS)
July 25, 2018
•
[ leak, finance ]
The Securities Investors Association Singapore (SIAS) announces to have suffered a breach. The breach occurred in 2013 and that the NRIC numbers, home addresses, email addresses, mobile and landline numbers of 70,000 people were compromised in the incident.
-
Banks in Chile
July 25, 2018
•
[ hack, leak, finance ]
Hackers from the Shadow Brokers gain access to some 14,000 credit card numbers in Chile and publish them on social media.
-
Krungthai Bank (KTB)
July 25, 2018
•
[ hack, finance ]
Computer systems of Kasikornbank (Kbank) and Krungthai Bank (KTB) are compromised, affecting the security of the personal and corporate data of more than 120,000 customers.
-
Southern Baptist Convention's International Mission Board
July 24, 2018
•
[ leak, government ]
The Southern Baptist Convention's (SBC) International Mission Board announces to have suffered a data breach earlier this year (on April 11) exposing the personally identifiable information on its current and former employees, volunteers and applicants.
-
The National Bank of Blacksburg
July 24, 2018
Brian Krebs reveals that hackers used phishing emails to break into The National Bank of Blacksburg in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. The breaches happened in May 2016 and January 2017.
-
Verified @AlmostHumanFOX Twitter Account
July 24, 2018
An apparent hacker is able to hack a discontinued TV show's verified Twitter account (@AlmostHumanFOX) to impersonate Justin Sun, the founder of the decentralized Tron currency and promote a cryptocurrency scam.
-
Accreditation, Audit & Risk Management Security, LLC
July 23, 2018
•
[ leak, misconfiguration, government ]
A "security incident" occurred on April 3 at a third-party vendor (Accreditation, Audit & Risk Management Security, LLC) may have compromised the personal information of employees, inmates and others involved with the Pennsylvania Department of Corrections.
-
U.S. Utility Control Rooms
July 23, 2018
Homeland Security Officials reveal that attackers from the malicious actor Dragonfly AKA Energetic Bear might have accessed the control rooms of U.S. Energetic Utilities.
-
Etherscan
July 23, 2018
•
[ hack, xss, finance ]
Visitors of the popular Ethereum blockchain explorer Etherscan.io are shown a pop-up message showing "1337" indicating the website has been compromised.
-
Apollo
July 23, 2018
In July 2018, the sales engagement startup Apollo left a database containing billions of data points publicly exposed without a password. The data was discovered by security researcher Vinny Troia who subsequently sent a subset of the data containing 126 million unique email addresses to Have I Been Pwned. The data left exposed by Apollo was used in their "revenue acceleration platform" and included personal information such as names and email addresses as well as professional information including places of employment, the roles people hold and where they're located. Apollo stressed that the exposed data did not include sensitive information such as passwords, social security numbers or financial data. The Apollo website has a contact form for those looking to get in touch with the organisation.