Full List

Search

Recent Breaches

• Brazzers September 5, 2016 • [ leak, misconfiguration, technology ] Nearly 800,000 accounts for popular porn site Brazzers have been exposed in a data breach.
• Digimon September 5, 2016 • [ leak, misconfiguration, technology ] In September 2016, over 16GB of logs from a service indicated to be digimon.co.in were obtained, most likely from an unprotected Mongo DB instance. The service ceased running shortly afterwards and no information remains about the precise nature of it. Based on enquiries made via Twitter, it appears to have been a mail service possibly based on PowerMTA and used for delivering spam. The logs contained information including 7.7M unique email recipients (names and addresses), mail server IP addresses, email subjects and tracking information including mail opens and clicks.
• ClixSense September 4, 2016 • [ hack, misconfiguration, technology ] In September 2016, the paid-to-click site ClixSense suffered a data breach which exposed 2.4 million subscriber identities. The breached data was then posted online by the attackers who claimed it was a subset of a larger data breach totalling 6.6 million records. The leaked data was extensive and included names, physical, email and IP addresses, genders and birth dates, account balances and passwords stored as plain text.
• NemoWeb September 4, 2016 • [ leak, misconfiguration, technology ] In September 2016, almost 21GB of data from the French website used for "standardised and decentralized means of exchange for publishing newsgroup articles" NemoWeb was leaked from what appears to have been an unprotected Mongo DB. The data consisted of a large volume of emails sent to the service and included almost 3.5M unique addresses, albeit many of them auto-generated. Multiple attempts were made to contact the operators of NemoWeb but no response was received.
• Variety September 3, 2016 • [ hack, misconfiguration, technology ] Entertainment news site Variety is briefly taken over by the infamous hacker group OurMine. The hacking collective manages to break into Variety's content management system and defaces the site with a post of their own claiming responsibility for the attack.
• Twitter September 3, 2016 • [ hack, misconfiguration, technology ] A group of hackers dubbed Spain Squad claims to have found a way to seize inactive and suspended Twitter accounts, and sells them on the social network.
• Ukrainian alleged pro-Russian Journalists September 3, 2016 Myrotvorets, a group of Ukrainian nationalist hackers, leaks the personal details of local journalists they consider pro-Russian for the second time in four months.
• Lightspeed September 2, 2016 • [ hack, technology ] Point of sales vendor Lightspeed is breached with password, customer data, and API keys possibly exposed, and notifies customers in an email saying that the information was contained in a compromised database.
• Armenian National Security Service September 2, 2016 • [ hack, leak, government ] Azerbaijani hacktivists from Anti-Armenia Team leak the passport details of foreign visitors to Armenia and more after breaking into Armenian government servers.
• Linode September 2, 2016 • [ hack, ddos, technology ] Linode reports the first of a series of DoS attacks on September 2nd, September 4th and September 5th. Another round will strike the company on Saturday, September 10th. Some of the attacks lasted up to eight hours.
• 2 Hong Kong government agencies September 1, 2016 • [ espionage, government ] Security company FireEye reveals that two Hong Kong government agencies have come under attack from cyberspies originating in China in the month leading up to Sunday's legislative elections.
• arg.gov.af September 1, 2016 • [ hack, government ] Hacktivist group Ghost Squad Hackers (GSH) defaced 12 websites belonging to the Afghan government.
• Last September 1, 2016 • [ hack, technology ] More than 43 million of user records from UK-based music streaming service Last.fm surfaced from a hack that occurred in 2012. Each record reportedly contains a username, email address, hashed password and profile data.
• Transmission BitTorrent Client September 1, 2016 • [ hack, malware, technology ] Developers of the Transmission BitTorrent client admitted that hackers replaced downloads of its file-sharing software with trojanized code. The hack, detected within hours, was designed to spread a Mac OS X backdoor, Kidnap, which steals user credentials.
• exilemod September 1, 2016 A group of hackers going by the online handle of "Expl.oit" or "Exploit" hack the official website of Exile Mod gaming forum and leak the personal details of 11,902 registered users.
• University of New Mexico September 1, 2016 Over 1,000 former students and employees of UNM have their identity stolen from a University database. After a month of silence, UNM establishes a call center to assist victims of the incident.
• NetProspex September 1, 2016 • [ leak, misconfiguration, technology ] In 2016, a list of over 33 million individuals in corporate America sourced from Dun & Bradstreet's NetProspex service was leaked online. D&B believe the targeted marketing data was lost by a customer who purchased it from them. It contained extensive personal and corporate information including names, email addresses, job titles and general information about the employer.
• Unknown Organization August 31, 2016 • [ leak, healthcare ] The Al Zahra Private Medical Centre is hacked by an individual calling himself websites-hunter, who dumps the database online.
• MDPI August 30, 2016 • [ leak, misconfiguration, education ] In August 2016, the Swiss scholarly open access publisher known as MDPI had 17.5GB of data obtained from an unprotected Mongo DB instance. The data contained email exchanges between MDPI and their authors and reviewers which included 845k unique email addresses. MDPI have confirmed that the system has since been protected and that no data of a sensitive nature was impacted. As such, they concluded that notification to their subscribers was not necessary due to the fact that all their authors and reviewers are available online on their website.
• manaliveinc August 24, 2016 • [ hack, healthcare ] The non-profit organization Man Alive is hacked, and a patient database with sensitive personal and treatment information is put up for sale on the dark web.