Portend Breaches

The Times of Israel November 2, 2017 The Times of Israel and Asia Times websites are hijacked and defaced by suspected Turkish hackers, who post messages in favor of Palestine, on the 100th anniversary of the Balfour Declaration.

Verticalscope November 2, 2017 For the second time since June 2016, hackers compromise Verticalscope.com, a Canadian company that manages hundreds of popular Web discussion forums totaling more than 45 million user accounts, and sell the stolen account in the black market.

Clarkson Plc November 1, 2017 British shipping services provider Clarkson Plc reveals to have been the victim of a cyber security hack and warns that the person or persons behind the attack may release some data shortly.

Family and Children's Services of Lanark, Leeds and Grenville November 1, 2017 • [ ransomware, malware, healthcare ] Two Ontario children's aid societies (Children's Aid Society of Oxford County and Family and Children's Services of Lanark, Leeds and Grenville) are hit by ransomware.

University of Fraser Valley (UFV) November 1, 2017 An unknown attacker (or groups of attackers) breaches the network of University of Fraser Valley (UFV) and threatens to dump student information unless university top brass pay 30,000 CAD (23,000 USD).

Hetzner November 1, 2017 • [ hack, misconfiguration, technology ] A key database operated by large South African data centre operator and website hosting service provider Hetzner is compromised, and the company advises clients to change their passwords immediately. Compromised data includes customer and bank account details.

Daewoo Shipbuilding & Marine Engineering Co Ltd October 31, 2017 • [ espionage, manufacturing ] North Korea is suspected to have stolen South Korean warship blueprints after hacking into Daewoo Shipbuilding & Marine Engineering Co Ltd's database in April last year.

Line 204 October 30, 2017 Line 204, a Hollywood film and television production and rental company, reveals that hackers from The Dark Overlord collective have stolen its client database. The breach probably happened in September 2017.

Midland County October 27, 2017 • [ hack, government ] The Midland County District Attorney warns residents after their third-party payment system is hacked.

T-Mobile October 27, 2017 T-Mobile warns customers targeted by hackers trying to take control of their SIM cards, exploiting a vulnerability on its website.

Catholic Charities October 27, 2017 The personal information of about 4,600 past and present clients and several employees of Catholic Charities may have been exposed after a computer server in the Glens Falls office was hacked as early as 2015.

blog October 26, 2017 • [ hack, misconfiguration, technology ] Two hackers going by the online handle of "n3tr1x" and "str0ng" deface the official blog (blog.jquery.com) of jQuery.

MyHeritage October 26, 2017 In October 2017, the genealogy website MyHeritage suffered a data breach. The incident was reported 7 months later after a security researcher discovered the data and contacted MyHeritage. In total, more than 92M customer records were exposed and included email addresses and salted SHA-1 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it be attributed to "BenjaminBlue@exploit.im".

Aviva October 25, 2017 • [ hack, misconfiguration, finance ] According to the security group RedLock, a group of hackers managed to breach Amazon Web Services belonging to two companies on the Amazon Cloud: Aviva and Gemalto. The breach was due to poor password policy and aimed to use the resources to mine cryptocurrency.

Tarte Cosmetics October 25, 2017 • [ leak, misconfiguration, retail ] Tarte Cosmetics exposes nearly two million customers' personal data to the public via two unsecured MongoDB databases. Unfortunately the gang Cru3lty get hold of the data, demanding 0.2 Bitcoins for recovering the database once the data had been deleted or encrypted.

Dell October 24, 2017 • [ hack, malware, manufacturing ] KrebsOnSecurity reveals that a web site set up by PC maker Dell Inc. to help customers recover from malicious software (DellBackupandRecoveryCloudStorage.com) may have been hijacked for a few weeks this summer.

Fontanka October 24, 2017 Using a tool called Bad Rabbit, a threat actor launched a ransomware operation that encrypted data on networks in Bulgaria, Japan, Russia, Turkey, and Ukraine. The operation is believed to have disrupted the Kiev metro system's payment network and delayed flights at Odessa's airport. In October 2018, the United Kingdom attributed this incident to Russian military intelligence.

Appleby October 24, 2017 Appleby, a Bermuda law firm, admits to have been hacked, prompting fears of a Panama Papers-style expos into the tax affairs of the super rich.

Basetools.ws October 24, 2017 • [ ransomware, technology ] A hacker dubbed Mat AKA @0xScripts breaches Basetools.ws, an underground forum and demands a $50K ransom to avoid sharing stolen data with law enforcement.

Coinhive October 23, 2017 • [ hack, malware, technology ] The DNS records for coinhive.com are manipulated to redirect requests for the coinhive.min.js to a third party server hosting a modified version of the JavaScript file with a hardcoded site key and letting the attacker "steal" hashes from users.

Recent Breaches