Portend Breaches

Empireminecraft September 14, 2016 Empireminecraft notifies its users of the compromise of one of the staff member's email account. As a result the attacker was able to access confidential information.

ClixSense September 13, 2016 Plaintext passwords, usernames, e-mail addresses, and other personal information for more than 2.2 million people who created accounts with ClixSense are published online. The attackers claim to release additional 4.4 million accounts.

Unknown Organization September 11, 2016 A group of cyber criminals defaces the official website of Bremerton Housing Authority (bremertonhousing.org) and demands $4,000 as ransom.

QIP September 10, 2016 QIP.ru is the latest organization to join the list of companies hit by mega breaches. A hacker dubbed daykalif dumps a trove of 33 million accounts.

Leet September 10, 2016 • [ hack, technology ] In August 2016, the service for creating and running Pocket Minecraft edition servers known as Leet was reported as having suffered a data breach that impacted 6 million subscribers. The incident reported by Softpedia had allegedly taken place earlier in the year, although the data set sent to HIBP was dated as recently as early September but contained only 2 million subscribers. The data included usernames, email and IP addresses and SHA512 hashes. A further 3 million accounts were obtained and added to HIBP several days after the initial data was loaded bringing the total to over 5 million.

VoIPTalk September 9, 2016 • [ hack, technology ] Telephony provider VolPtalk may have been hit by hackers. The firm discreetly informs customers about a potential data breach and request to reset their passwords as a precautionary measure.

Almelo September 9, 2016 • [ hack, government ] Hackers steal 22 gigabytes of data from municipal servers in Almelo.

Unknown Organization September 9, 2016 • [ hack, ddos, finance ] Turkish hackers have launched DoS (Denial-of-Service) attacks against the web servers of the Austrian National Bank (OeNB).

KrebsOnSecurity September 9, 2016 • [ hack, ddos, technology ] Security researcher Brian Krebs' website KrebsOnSecurity comes under "heavy and sustainable" attack after two 18 year-old Israeli hackers were arrested over their connection with a DDoS-for-hire service called vDOS.

Unknown Organization September 9, 2016 • [ hack, technology ] Popular science website EurekAlert!, which handles embargoed reports on health, medicine, and technology is hacked. The announcement in the website states that usernames and passwords to the service have been compromised. The hacker has also leaked two embargoed reports.

vDoS September 8, 2016 • [ hack, leak, ddos ] vDos, a "booter" service that has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 DDoS attacks is massively hacked, spilling secrets about tens of thousands of paying customers and their targets.

Hutton Hotel September 7, 2016 The Hutton Hotel says it engaged a third-party cyber security firm after it was notified of a possible breach by its payment processor. The investigation found that malware designed to capture card data had been installed on the hotel's payment processing system.

Vienna Airport September 7, 2016 • [ hack ] Austrian police investigates a failed cyberattack on Vienna's airport saying they are looking into the authenticity of a claim of responsibility from a Turkish nationalist group.

Unknown Organization September 7, 2016 • [ hack, ddos, government ] Servers belonging to the Project on Crowdsourced Imagery Analysis (PCIA), hosting data about nuclear tests, have been the subject of DDoS attacks just two days before North Korea's most recent nuclear tests.

eThekwini Municipality September 7, 2016 In September 2016, the new eThekwini eServices website in South Africa was launched with a number of security holes that lead to the leak of over 98k residents' personal information and utility bills across 82k unique email addresses. Emails were sent prior to launch containing passwords in plain text and the site allowed anyone to download utility bills without sufficient authentication. Various methods of customer data enumeration was possible and phishing attacks began appearing the day after launch.

Rambler September 6, 2016 Nearly 100 million usernames and passwords from the Russian internet giant Rambler surface online in the latest in a long line of hacks that first occurred back in 2012.

San Francisco Exploratorium Museum September 6, 2016 • [ social, phishing, education ] The San Francisco Exploratorium Museum admits to have fallen victim to a Spear Phishing Attack.

University of Alaska September 6, 2016 University of Alaska officials announces that an attacker using employee credentials may have accessed student information of approximately 5,400 individuals.

Real Estate Mogul September 6, 2016 • [ hack, misconfiguration, finance ] In September 2016, the real estate investment site Real Estate Mogul had a Mongo DB instance compromised and 5GB of data downloaded by an unauthorised party. The data contained real estate listings including addresses and the names, phone numbers and 308k unique email addresses of the sellers. Real Estate Mogul was advised of the incident in September 2018 and stated that they "found no instance of user account credentials like usernames and passwords nor billing information within this file".

uuu9 September 6, 2016 • [ leak, technology ] In September 2016, data was allegedly obtained from the Chinese website known as uuu9.com and contained 7.5M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and user names. Read more about Chinese data breaches in Have I Been Pwned.

Recent Breaches