Full List

Search

Recent Breaches

• Unknown Organization September 1, 2017 • [ leak, government, healthcare ] The Alaska Department of Health and Social Services reveals to have suffered a security breach in July that may have disclosed personal information of individuals who have interacted with the Office of Children's Services.
• Hand Rehabilitation Specialists September 1, 2017 • [ hack, healthcare ] Hand Rehabilitation Specialists notifies patients of a possible hack by The Dark Overlord that occurred back in July.
• Purdue University Pharmacy September 1, 2017 • [ hack, malware, healthcare ] Patients of the Purdue University Pharmacy and the Family Health Clinic of Carroll County receive notices that their information might be compromised because of a security breach. A malicious file was installed on some computers on September 1st.
• TrueStresser September 1, 2017 A dissatisfied customer breaches the server of TrueStresser, a DDoS-for-hire service, pilfering its database, and leaking some of the content online.
• TGBUS September 1, 2017 In approximately 2017, it's alleged that the Chinese gaming site known as TGBUS suffered a data breach that impacted over 10 million unique subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains usernames, email addresses and salted MD5 password hashes and was provided with support from dehashed.com. Read more about Chinese data breaches in Have I Been Pwned.
• WikiLeaks August 31, 2017 • [ hack ] WikiLeaks' website appears to have been hacked by the OurMine collective.
• Central German state of Saxony-Anhalt August 31, 2017 • [ ransomware, malware, government ] Internet and telephone networks at the regional parliament in the central German state of Saxony-Anhalt are offline after a ransomware attack.
• Free Online File Converter August 31, 2017 An anonymous researcher reveals that the server hosting dozens of free-to-use online file conversion websites, including combinepdf.com, imagetopdf.com, jpg2pdf.com, pdftoimage.com, pdfcompressor.com, and wordtojpeg.com, has been hacked several times in the past year.
• Instagram August 31, 2017 Instagram reveals that one or more hackers have been stealing celebrities' e-mail addresses, phone numbers, and other personal information by exploiting a bug. A database, Doxagram, is published online immediately after with the attacker claiming to have stolen 6 million records.
• Medical Oncology Hematology Consultants August 31, 2017 • [ ransomware, malware, healthcare ] Medical Oncology Hematology Consultants, reports a ransomware attack that affected 19,203 patients.
• dms[.]nwcg[.]gov August 30, 2017 Ankit Anubhav of NewSky Security discovers a U.S. government website hosting a malicious JavaScript downloader, leading victims to installations of Cerber ransomware.
• CeX August 29, 2017 • [ hack, retail ] Second-hand electronics dealership CeX notifies 2 million customers that their personal information may have been compromised by hackers.
• The Young Illustrator Award site administered by Meridian Secondary School August 29, 2017 • [ hack, education ] The Young Illustrator Award site administered by Meridian Secondary School is taken down after being hacked.
• NHS Lanarkshire August 29, 2017 • [ ransomware, malware, healthcare ] NHS services in Lanarkshire (Scotland) are hit by a new ransomware campaign. The culprit is identified as a new variant of Bitpaymer ransomware.
• Zazzle August 28, 2017 • [ hack, brute-force, retail ] Zazzle sends an email to customers revealing that hackers in June used brute-force techniques to cycle through account usernames and passwords that were stolen from a breach of another unnamed site.
• Real Madrid Twitter Account August 28, 2017 • [ hack, social, technology ] Real Madrid's official Twitter account is hacked with a post announcing the signing of rival Lionel Messi appearing on their feed.
• Selena Gomez Instagram account August 28, 2017 • [ hack, technology ] Selena Gomez's Instagram account is hacked and posts several nude photos of Justin Bieber.
• Onliner Spambot August 28, 2017 In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow mouq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump.
• DreamHost August 25, 2017 DreamHost is hit by a powerful and sustained DDoS attack after briefly hosting a new edition of the neo-Nazi website Daily Stormer.
• HIDS4U August 25, 2017 UK firm HIDS4U, warns customers to be wary of phishing emails after it came to light that a database of customers was found on a hacked website.