Full List

Search

Recent Breaches

• StreetEasy June 28, 2016 • [ hack, technology ] In approximately June 2016, the real estate website StreetEasy suffered a data breach. In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web marketplace in February 2019. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
• Twitter account of Sundar Pichai, Google CEO June 27, 2016 Google CEO Sundar Pichai is the latest victim of the hacking group 'OurMine' after his Twitter-linked Quora account is temporarily compromised and filled with spam links.
• Unnamed jewelry shop June 27, 2016 • [ hack, ddos, retail ] Researchers from Sucuri reveal the details of a massive DDoS attack against an unnamed jewelry shop carried out by leveraging a network of 25,000 compromised CCTV boxes.
• IRS June 27, 2016 The IRS announces that it has removed its electronic filing PIN tool (e-File PIN), following "additional questionable activity."
• Deutsche Telekom June 27, 2016 • [ leak, technology ] Deutsche Telekom has warned its customers that it found account passwords for sale on the dark web.
• Whitepages June 27, 2016 • [ hack, technology ] In mid-2016, the telephone and address directory service Whitepages was among a raft of sites that were breached and their data then sold in early-2019. The data included over 11 million unique email addresses alongside names and passwords stored as either a SHA-1 or bcrypt hash. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".
• lookbook.nu June 26, 2016 • [ leak, technology ] Login data of Lookbook's 1.1 million users is available on the darknet for sale.
• South Yorkshire Police June 26, 2016 • [ hack, government ] Two Albanian hackers deface the South Yorkshire Police website.
• Unnamed healthcare organization in the Central/Midwest US June 26, 2016 A hacker called TheDarkOverlord advertises hundreds of thousands of alleged records from healthcare organizations on a dark web marketplace, including social security and insurance policy numbers.
• Unnamed Ukrainian bank June 25, 2016 • [ financial, hack, finance ] Another hack carried on via the SWIFT messaging system: this time hackers have stolen $10 million from an unnamed Ukrainian bank, according to an ISACA report.
• WatchMojo YouTube channel June 25, 2016 • [ hack, technology ] PoodleCorp deface two YouTube Popular Channels: WatchMojo and Redmercy.
• jkanime June 24, 2016 An anime site popular in Mexico and South America is infected with malware redirecting visitors to a Neutrino Exploit Kit landing page. The site, Jkanime, streams anime video and has 33 million monthly visitors.
• Muslim Match June 24, 2016 In June 2016, the Muslim Match dating website had 150k email addresses exposed. The data included private chats and messages between relationship seekers and numerous other personal attributes including passwords hashed with MD5.
• Official website of Rep. Richard Neal June 23, 2016 • [ hack, ddos, government ] More than a dozen House Democrats' official websites are taken down, after Democrats ended an overnight sit-in to press for a vote on gun control legislation. The outage is affecting the congressional sites of Reps. Earl Blumenauer, John Carney, Rosa DeLauro, Lloyd Doggett, Tammy Duckworth, Donna Edwards, Sam Farr, Tulsi Gabbard, Alan Grayson, Marcy Kaptur, William Keating, John Larson, Jim McDermott, Richard Neal, Ed Perlmutter, Jackie Speier and Filemon Vela.
• Air India June 23, 2016 India's national airline, Air India, is the target of a hacking campaign exploiting members of the airline's frequent-flyer program to make away with air miles.
• Carbonite June 23, 2016 • [ hack, technology ] Online backup service Carbonite forces users to pick new passwords in the wake of discovering that it was under a large-scale account takeover attack.
• 2,347 US Army personals June 23, 2016 • [ leak, government ] As part of #OpSilence, Ghost Squad Hackers publish a file containing data of 2,437 US Army personals including names, emails, phone numbers, full addresses, credit card data.
• Unknown Organization June 23, 2016 • [ hack, education ] Hackers hit the University of Cambridge's Cambridge Schools Classics Project website, exposing the email addresses and cleartext passwords of over 1,500 students and employees.
• Unknown Organization June 22, 2016 • [ hack, ddos, government ] Anonymous Legion claims responsibility for taking down the Minnesota Judicial Branch's website (mncourts.gov).
• The DAO June 21, 2016 • [ hack, finance ] Unknown attackers attack the DAO foundation and steal more than 3.6 million Ethereum (whose value is between $45 and $77 million).