-
Midland County
October 27, 2017
•
[ hack, government ]
The Midland County District Attorney warns residents after their third-party payment system is hacked.
-
T-Mobile
October 27, 2017
T-Mobile warns customers targeted by hackers trying to take control of their SIM cards, exploiting a vulnerability on its website.
-
Catholic Charities
October 27, 2017
The personal information of about 4,600 past and present clients and several employees of Catholic Charities may have been exposed after a computer server in the Glens Falls office was hacked as early as 2015.
-
blog
October 26, 2017
•
[ hack, misconfiguration, technology ]
Two hackers going by the online handle of "n3tr1x" and "str0ng" deface the official blog (blog.jquery.com) of jQuery.
-
MyHeritage
October 26, 2017
In October 2017, the genealogy website MyHeritage suffered a data breach. The incident was reported 7 months later after a security researcher discovered the data and contacted MyHeritage. In total, more than 92M customer records were exposed and included email addresses and salted SHA-1 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it be attributed to "BenjaminBlue@exploit.im".
-
Aviva
October 25, 2017
•
[ hack, misconfiguration, finance ]
According to the security group RedLock, a group of hackers managed to breach Amazon Web Services belonging to two companies on the Amazon Cloud: Aviva and Gemalto. The breach was due to poor password policy and aimed to use the resources to mine cryptocurrency.
-
Tarte Cosmetics
October 25, 2017
•
[ leak, misconfiguration, retail ]
Tarte Cosmetics exposes nearly two million customers' personal data to the public via two unsecured MongoDB databases. Unfortunately the gang Cru3lty get hold of the data, demanding 0.2 Bitcoins for recovering the database once the data had been deleted or encrypted.
-
Dell
October 24, 2017
•
[ hack, malware, manufacturing ]
KrebsOnSecurity reveals that a web site set up by PC maker Dell Inc. to help customers recover from malicious software (DellBackupandRecoveryCloudStorage.com) may have been hijacked for a few weeks this summer.
-
Fontanka
October 24, 2017
Using a tool called Bad Rabbit, a threat actor launched a ransomware operation that encrypted data on networks in Bulgaria, Japan, Russia, Turkey, and Ukraine. The operation is believed to have disrupted the Kiev metro system's payment network and delayed flights at Odessa's airport. In October 2018, the United Kingdom attributed this incident to Russian military intelligence.
-
Appleby
October 24, 2017
Appleby, a Bermuda law firm, admits to have been hacked, prompting fears of a Panama Papers-style expos into the tax affairs of the super rich.
-
Basetools.ws
October 24, 2017
•
[ ransomware, technology ]
A hacker dubbed Mat AKA @0xScripts breaches Basetools.ws, an underground forum and demands a $50K ransom to avoid sharing stolen data with law enforcement.
-
Coinhive
October 23, 2017
•
[ hack, malware, technology ]
The DNS records for coinhive.com are manipulated to redirect requests for the coinhive.min.js to a third party server hosting a modified version of the JavaScript file with a hardcoded site key and letting the attacker "steal" hashes from users.
-
Bukalapak
October 23, 2017
In March 2019, the Indonesian e-commerce website Bukalapak discovered a data breach of the organisation's backups dating back to October 2017. The incident exposed approximately 13 million unique email addresses alongside IP addresses, names and passwords stored as bcrypt and salted SHA-512 hashes. The data was provided to HIBP by a source who requested it to be attributed to "Maxime Thalet".
-
Czech Statistical Office (CSU)
October 21, 2017
•
[ hack, ddos, government ]
Two websites run by the Czech Statistical Office (CSU) are taken offline after a DDoS attack tries to disrupt reporting of the country's parliamentary elections.
-
Telitec
October 21, 2017
•
[ hack, ddos, technology ]
In name of #OpCatalunya the Anonymous take down several Spanish including the Constitutional Court.
-
FirstHealth
October 20, 2017
•
[ ransomware, malware, healthcare ]
The network of FirstHealth is hit by WannaCry and forced to suspend operations.
-
Domino's Pizza
October 19, 2017
Domino's Australia investigates a potential breach of its computer systems after a number of customers received personalised spam emails from the pizza company. The company claims the breach happened to a "secondary supplier".
-
Griffin Funeral Home
October 18, 2017
•
[ hack, phishing ]
A sick hack: hackers take over the email account of Griffin Funeral Home, and send email scams to the company's customers, asking for money.
-
Chase Brexton Health Care
October 17, 2017
Chase Brexton Health Care notifies 16,562 patients after four employees fell for a phishing attack. The phishing emails were sent on August 2 and 3, and by August 4, the attackers had re-routed employees' paychecks.
-
London Bridge Plastic Surgery (LBPS)
October 17, 2017
The Dark Overlord hackers break into London Bridge Plastic Surgery, a high profile, London-based plastic surgeon, and steal photos, including in-progress genitalia and breast enhancement.