Portend Breaches

Precon Products December 17, 2016 The Dark Overlord leaks some data from Precon Products including the alleged video of an accident and the Operation Manager's iPhone data.

PayAsUGym December 17, 2016 Fitness website PayAsUGym confirms one of its servers has been hacked and acknowledges that 300,000 email addresses and passwords of its members has been accessed.

Bleacher Report December 16, 2016 • [ hack, technology ] Bleacher Report reports that an unauthorized user gained access to user information for its website and mobile app.

Ukrenergo December 16, 2016 • [ hack, energy ] Ukraine investigates a suspected cyber attack on Kyiv's power grid at the weekend, the latest in a series of strikes on its energy and financial infrastructure.

italiastartupvisa December 16, 2016 • [ hack, ddos, government ] Cryptolulz666 takes down the website of italiastartupvisa.mise.gov.it.

Department of Defense December 16, 2016 Russian hackers reportedly launched a targeted cyberattack on the Pentagon in August 2015, which saw the unclassified email system used by the Joint Chiefs of Staff hijacked, leaving the data of nearly 3,500 military personnel and civilians vulnerable to exposure.

Unknown Organization December 16, 2016 • [ hack, ddos, government ] Cryptolulz666 takes down the website of the Russian Federal Drug Control Service Liquidation Commission (fskn.gov.ru)

Russian Federation Drug Control Service December 16, 2016 • [ hack, ddos, government ] Cryptolulz666 was just testing his own botnet, then later he targeted the website of the Russian Federal Drug Control Service liquidation commission. The Russian website was down for several hours.

Summit Reinsurance Services Inc. December 16, 2016 • [ hack, finance ] Personal Information of about 1000 Black Hawk College employees and their dependents could have been compromised in a hack of Summit Reinsurance Services Inc., a former insurance provider's server.

Ethereum December 16, 2016 In December 2016, the forum for the public blockchain-based distributed computing platform Ethereum suffered a data breach. The database contained over 16k unique email addresses along with IP addresses, private forum messages and (mostly) bcrypt hashed passwords. Ethereum elected to self-submit the data to HIBP, providing the service with a list of email addresses impacted by the incident.

Anti Public Combo List December 16, 2016 • [ leak, misconfiguration ] In December 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Anti Public". The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I Been Pwned.

Unknown Organization December 15, 2016 • [ hack, government ] The official website of the Russian National Visa Bureau in the Netherlands (rnvb.nl) is hacked with the information of thousands of people exposed.

Election Assistance Commission December 15, 2016 • [ hack, government ] The Election Assistance Commission, the U.S. agency charged with ensuring that voting machines meet security standards, was itself penetrated by a hacker after the November elections, according to security firm Recorded Future.

Undisclosed Ukrainian banks December 15, 2016 • [ hack, malware, finance ] ESET reports that BlackEnergy, the same group who targeted Ukrainian utilities last December has been using the TeleBots malware against Ukrainian banks in the last month.

PayAsUGym December 15, 2016 • [ hack, leak, misconfiguration ] In December 2016, an attacker breached PayAsUGym's website exposing over 400k customers' personal data. The data was consequently leaked publicly and broadly distributed via Twitter. The leaked data contained personal information including email addresses and passwords hashed using MD5 without a salt.

Frederick County Public Schools December 14, 2016 • [ leak, education ] Data on about 1,000 former students in Frederick County Public Schools in Maryland was likely exposed in a data breach that occurred prior to 2010 but which was only discovered in September of this year.

Embassy of Russia in Armenia December 14, 2016 Cryptolulz666 breaks into the database of the website of the Russian Embassy of Armenia (embassyru.am) and leaks the corresponding data.

Ukraine's Ministry of Defence December 13, 2016 • [ hack, ddos, government ] Ukraine's defence ministry says that its website is down due to cyber attacks that appeared aimed at disrupting it giving updates on the pro-Russian separatist conflict in eastern regions.

KFC December 12, 2016 KFC warns its 1.2 million Colonel's Club loyalty scheme members that their data may have been breached after its website was hacked. Apparently only 30 users have been affected.

ambru December 12, 2016 • [ hack, sqlinjection, government ] Kapustkiy claims to have stolen thousands of passport numbers and other pieces of personal information from the website of a Russian consular department (ambru.nl).

Recent Breaches