-
MSK Group
July 5, 2018
•
[ hack, healthcare ]
MSK Group notifies patients of a data security incident that they discovered on May 7, due to an unauthorized access to certain parts of the network at times over several month.
-
500px
July 5, 2018
In mid-2018, the online photography community 500px suffered a data breach. The incident exposed almost 15 million unique email addresses alongside names, usernames, genders, dates of birth and either an MD5 or bcrypt password hash. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".
-
Stronghold Kingdoms
July 4, 2018
•
[ leak, misconfiguration, technology ]
In July 2018, the massive multiplayer online game Stronghold Kingdoms suffered a data breach. Almost 5.2 million accounts were impacted by the incident which exposed emails addresses, usernames and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
-
Taiwan Democratic Progressive Party's (DPP)
July 3, 2018
•
[ hack, misconfiguration, government ]
The Democratic Progressive Party's (DPP) official website is defaced by Chinese hackers and the website is replaced with pictures and words reading "Chinese netizens are supporting Tsai Ing-wen to run for re-election" in simplified Chinese characters.
-
Domain Factory
July 3, 2018
German hosting provider Domain Factory experiences a data breach which has exposed customer data. After an unknown threat actor posts claims that suggest they had managed to compromise the firm's systems and access information, the company launches an investigation.
-
Israeli Military
July 3, 2018
The Israeli military say it had uncovered a plot by Hamas militants to spy on soldiers by befriending them on social media and then luring them into downloading fake dating applications that gave Hamas access to their smartphones.
-
Whitbread
July 2, 2018
•
[ hack, technology ]
Whitbread's online recruitment system has suffered a data breach, affecting a number of the company's brands including Premier Inn, and the UK outlets of Costa Coffee. The breach is a consequence of the attack to PageUp.
-
Fortnum & Mason
July 2, 2018
•
[ leak, misconfiguration, retail ]
Luxury retailer Fortnum & Mason is the latest big brand to be involved in a significant data breach after the company admits the details of around 23,000 competition and survey participants have been compromised in the wake of the Typeform breach.
-
BtcTurk
July 1, 2018
•
[ leak, finance ]
Major Turkish crypto exchange BtcTurk confirms a data breach from mid-2018 that leaked sensitive information of over 500,000 users.
-
Trezor
July 1, 2018
•
[ social, phishing, finance ]
The team behind the Trezor multi-cryptocurrency wallet service discovers a phishing attack against some of its users that took place over the weekend, carried on via DNS poisoning or BGP hijacking.
-
8fit
July 1, 2018
•
[ leak, healthcare ]
In July 2018, the health and fitness service 8fit suffered a data breach. The data subsequently appeared for sale on a dark web marketplace in February 2019 and included over 15M unique email addresses alongside names, genders, IP addresses and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
-
Zoomcar
July 1, 2018
In July 2018, the Indian self-drive car rental company Zoomcar suffered a data breach which was subsequently sold on a dark web marketplace in 2020. The breach exposed over 3.5M records including names, email and IP addresses, phone numbers and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
-
Notre Dame de Namur University
June 30, 2018
•
[ financial, phishing, education ]
Notre Dame de Namur University notifies some financial aid applicants that their information may have been compromised when an employee fell prey to a phishing attack on April 23, 2018.
-
Hunt Regional Medical Center
June 29, 2018
•
[ hack, healthcare ]
Hunt Regional Medical Center notifies patients of a possible breach due to the hack of an employee email occurred on May 1st, 2018.
-
Algonquin College
June 29, 2018
•
[ hack, education ]
The Algonquin College publishes a note indicating that the education community is still not sure how many current and former students and employees could be affected by a cyber attack that happened weeks earlier.
-
Klook Travel
June 29, 2018
•
[ hack, malware, technology ]
Klook Travel informs its users about a data breach incident it suffered. The attackers exploited a malicious JS code associated with SOCIAPlus, a third-party tool integrated on the site.
-
Typeform
June 29, 2018
•
[ leak, misconfiguration, technology ]
Barcelona-based online survey and form building service Typeform announces a data breach after an unknown attacker downloaded a backup file containing sensitive customer information. The backup file contained data gathered by Typeform customers through surveys and online forms up until May 3, 2018.
-
Adidas
June 28, 2018
•
[ leak, retail ]
Adidas alerts customers about a possible data breach on its U.S. website. On June 26, the company became aware that an unauthorized party claimed to have acquired limited data associated with certain consumers.
-
City of Midland
June 28, 2018
City of Midland is the latest municipality being breached because of a vulnerability in the Superion's Click2Gov application.
-
GitHub account of the Gentoo Linux distribution
June 28, 2018
•
[ hack, malware, technology ]
An unknown hacker temporarily takes control over the GitHub account of the Gentoo Linux organization and embed malicious code inside the operating system's distributions that would delete user files. The malicious code fails to trigger properly and users' remain safe.