Full List

Search

Recent Breaches

• AdultFriendFinder October 19, 2016 A hacker known as Revolver or 1x0123 claims to have breached into AdultFriendFinder, posting two screenshots that appeared to show he had access to some portion of the website's infrastructure. Another notorious hacker known as Peace also claims to have hacked in.
• Democratic National Committee October 19, 2016 • [ leak, government ] Guccifer 2.0 is back and leaks new fresh documents relating to the US political system (documents allegedly showing email conversations between DNC employees and Hillary Clinton's presidential campaign staff discussing Donald Trump's position on his tax returns).
• RedBus October 18, 2016 • [ leak, technology ] Online travel giant Ibibo Group-owned ticketing platform RedBus confirms to have been subject to a cyber attack that might have exposed the email addresses of some of its customers.
• University of Santa Clara Office of Marketing and Communication (OMC) October 17, 2016 A hacker dubbed SCUWatch leaks a trove of internal documents from the Office of Marketing and Communications from the University of Santa Clara.
• Road signs in Chicago October 17, 2016 • [ hack, misconfiguration, government ] A number of people at the Chicago's Grand Avenue and Central Avenue intersection witness an unusual message on a construction signboard against the mayor Rahm Emanuel.
• Adult FriendFinder (2016) October 16, 2016 In October 2016, the adult entertainment company Friend Finder Networks suffered a massive data breach. The incident impacted multiple separate online assets owned by the company, the largest of which was the Adult FriendFinder website alleged to be "the world's largest sex & swinger community". Exposed data included usernames, passwords stored as SHA-1 hashes and 170 million unique email addresses. This incident is separate to the 2015 data breach Adult FriendFinder also suffered. The data was provided to HIBP by dehashed.com.
• Evony Gaming October 14, 2016 LeakedSource reveals that Evony Gaming suffered a massive breach involving the usernames, email addresses, unsalted MD5 and SHA-1 passwords and IP addresses of 33 million gamers.
• Noble House Hotels and Resorts October 14, 2016 Noble House Hotels and Resorts notifies guests of payment card breaches at Teton Mountain Lodge & Spa and Hotel Terra. The breached happened on September 5 and September 6.
• Modern Business Systems (MBS) October 13, 2016 • [ leak, technology ] Over 58 million customer records are stolen and leaked online. Data includes names, email and postal addresses, phone numbers, IP addresses and more.
• Potter County October 13, 2016 • [ hack, government ] Potter County officials assure users that their voter information website is safe after learning that hackers gained access to it.
• Vera Bradley October 13, 2016 • [ hack, malware, retail ] American high-end fashion retailer Vera Bradley has revealed that hackers may have accessed customers' card data from payment processing systems at its retail stores this summer.
• John Podesta's Twitter Account October 13, 2016 Clinton campaign chairman John Podesta's Twitter account is hacked and sends out a pro-Trump tweet. Several screenshots also suggest that his phone could have been hacked.
• Exploit.In October 13, 2016 In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I Been Pwned.
• Blockchain October 12, 2016 The DNS server records for blockchain.info and blockchain.com are hijacked.
• Roman Dobrokhotov October 12, 2016 Several Russian activists and independent journalists have reportedly received warnings notifying them that "government-backed" hackers may be attempting to illegally access their email inboxes.
• SWIFT October 12, 2016 • [ financial, hack, malware ] Symantec reveals that a second group of hackers are attempting to rob banks by targeting SWIFT users deploying the same methods that led to the Bangladesh Bank hacking heist. The tools used are linked to the Odinaff group, which since the beginning of the year, has targeted financial institutions worldwide.
• Unnamed German nuclear power plant October 10, 2016 • [ hack, energy ] According to the International Atomic Energy Agency (IAEA) Director Yukiya Amano, a nuclear power plant became the target of a disruptive cyber attack two to three years ago.
• University of Toyama's Hydrogen Isotope Research Center October 10, 2016 Research data and personal information may have been stolen from a personal computer belonging to a researcher of Tritium, at the University of Toyama's Hydrogen Isotope Research Center. Attackers stole data in three batches: December 2015, March 2016 and June 2016.
• GFAN October 10, 2016 In October 2016, data surfaced that was allegedly obtained from the Chinese website known as GFAN and contained 22.5M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email and IP addresses, user names and salted and hashed passwords. Read more about Chinese data breaches in Have I Been Pwned.
• Modern Business Solutions October 8, 2016 • [ leak, misconfiguration, technology ] In October 2016, a large Mongo DB file containing tens of millions of accounts was shared publicly on Twitter (the file has since been removed). The database contained over 58M unique email addresses along with IP addresses, names, home addresses, genders, job titles, dates of birth and phone numbers. The data was subsequently attributed to "Modern Business Solutions", a company that provides data storage and database hosting solutions. They've yet to acknowledge the incident or explain how they came to be in possession of the data.