-
Reliance Jio
July 9, 2017
•
[ leak, misconfiguration, technology ]
Personal details of some 120 million Reliance Jio customers are exposed on the Internet in probably the biggest breach of personal data ever in India.
-
Real Estate Business Services (REBS)
July 9, 2017
•
[ leak ]
Real Estate Business Services (REBS), a subsidiary of the California Association of Realtors, acknowledges to have suffered a data breach that exposed user information for a two-month period earlier this year.
-
Avanti Markets
July 8, 2017
•
[ hack, malware, finance ]
Avanti Markets, a self-service payment kiosks vendors acknowledges to have suffered of breach of its internal networks in which hackers were able to push malicious software out to payment devices.
-
Deep Hosting
July 8, 2017
•
[ hack, technology ]
Deep Hosting, a Dark Web hosting service, admits to have suffered a major security incident during which "some sites have been exported".
-
gandi
July 7, 2017
•
[ hack, malware, technology ]
French domain registrar Gandi loses control over 751 customer domains, which have their DNS records altered to point incoming traffic to websites hosting exploits kits.
-
B&B Theatres
July 7, 2017
B&B Theatres, a company that owns and operates the 7th-largest theater chain in America, says it is investigating a breach of its credit card systems starting in September 2015.
-
Loews Hotels
July 6, 2017
•
[ hospitality ]
And the same happens for luxury hotel chain Loews Hotels.
-
Hard Rock Hotel and Casino Las Vegas
July 6, 2017
Another consequence of the Sabre breach, Hard Rock Hotels and & Casinos reveals that for seven months, attackers had unauthorized access to a third-party reservation system, which allowed them to attain unencrypted credit card payment information, as well as guest names, addresses and phone numbers.
-
Four Seasons Hotels and Resorts
July 6, 2017
And the list of the victims of the Sabre attack also includes Four Seasons Hotels and Resorts.
-
China Digital Times
July 5, 2017
•
[ social, phishing, technology ]
A threat actor targeted the China Digital Times, a civil-society and news organization based outside China that publishes English- and Chinese-language content, using phishing techniques with the goal of compromising its network.
-
Google
July 3, 2017
•
[ leak, technology ]
In the wake of the breach that occurred at Sabre Hospitality Solutions earlier in May, the personal details of a small number of Google staffers have been exposed, according to a notification letter Google sends out to affected employees.
-
Medicare
July 3, 2017
The Guardian reveals that a darknet trader is illegally selling the Medicare patient details of any Australian on request by "exploiting a vulnerability" in a government system.
-
PVHS-ICM Employee Health and Wellness
July 1, 2017
•
[ ransomware, malware, healthcare ]
PVHS-ICM Employee Health and Wellness notifies its patients to have been hit by a ransomware attack.
-
Wolf Creek Nuclear Operating Corporation
June 30, 2017
•
[ hack, phishing, energy ]
A threat actor targeted employees of companies that operate nuclear power plants in the United States, which prompted the Department of Homeland Security and the FBI to issue an alert to the industry. An administrative network of the Wolf Creek Nuclear Operating Corporation was compromised.
-
Bithumb
June 29, 2017
•
[ hack, finance ]
The largest bitcoin and ether exchange in South Korea by volume, Bithumb, is hacked. The losses could be in the billions of won.
-
ClassicEtherWallet
June 29, 2017
•
[ financial, phishing, finance ]
An unknown attacker gains control over the web domain of Classic Ether Wallet, a client-side wallet system for the Ethereum Classic (ETC) cryptocurrency, being able to phish credentials and redirect transactions. Based on reported cases, the hacker might have stolen nearly $300,000.
-
Ventura County Office Of Education
June 28, 2017
The websites of numerous school districts in Ventura County go offline amid an attack able to redirect users to a group's webpage where pro-ISIS views were posted.
-
Undetermined
June 27, 2017
•
[ ransomware, malware, finance ]
Threat actors deploy a tool, called NotPetya, with the purpose of encrypting data on victims' machines and rendering it unusable. The malware was spread through tax software that companies and individuals require for filing taxes in Ukraine and spread globally.'Australia, Estonia,'Denmark, Lithuania, Ukraine, the United Kingdom, and the United States issued statements attributing NotPetya to Russian state-sponsored actors.
-
8tracks
June 27, 2017
•
[ leak, technology ]
Motherboard reveals that millions of accounts for internet radio service 8tracks are being traded on the digital underground. The total number of affected accounts could be as high as 18 million.
-
8tracks
June 27, 2017
•
[ hack, misconfiguration, technology ]
In June 2017, the online playlists service known as 8Tracks suffered a data breach which impacted 18 million accounts. In their disclosure, 8Tracks advised that "the vector for the attack was an employees GitHub account, which was not secured using two-factor authentication". Salted SHA-1 password hashes for users who didn't sign up with either Google or Facebook authentication were also included. The data was provided to HIBP by whitehat security researcher and data analyst Adam Davies and contained almost 8 million unique email addresses. The complete set of 18M records was later provided by JimScott.Sec@protonmail.com and updated in HIBP accordingly.