Portend Breaches

Rambler March 1, 2014 In late 2016, a data dump of almost 100M accounts from Rambler, sometimes referred to as "The Russian Yahoo", was discovered being traded online. The data set provided to Have I Been Pwned included 91M unique usernames (which also form part of Rambler email addresses) and plain text passwords. According to Rambler, the data dates back to March 2014.

Sears February 28, 2014 • [ hack, retail ] Sears Holdings Corp. (SHLD), investigates a possible security breach after the trail of cyberattacks on other retailers (such as Target).

maidansupport February 28, 2014 • [ hack, government ] Hacktivists continue to launch attacks against Ukrainian government websites. The latest targets are the sites of the parliament, or the Verkhovna Rada (rada.gov.ua), the Right Sector nationalist movement (banderivets.org.ua), but also some Euromaidan websites.

Kaiser Permanente February 28, 2014 • [ leak, malware, healthcare ] Health services provider Kaiser Permanente notifies roughly 5,100 members that their personal information may be at risk after malware was discovered on a server used by the Kaiser Permanente Northern California Division of Research.

Alaska Communications February 27, 2014 • [ leak, malware, technology ] Alaska Communications notifies an undisclosed number of current and former employees that their names, addresses, birthdates and Social Security numbers may have been exposed when a company computer was infected with a malware.

Bulk Reef Supply February 27, 2014 • [ hack, retail ] Saltwater aquarium supplies seller Bulk Reef Supply (bulkreefsupply.com) announces that its website was compromised for about six months, and the company is notifying an undisclosed number of customers that their personal data, including credit card information, may have been compromised.

Various Government Websites February 26, 2014 • [ hack, government ] Anonymous hackers once again target several websites of the Philippines government. The hacktivists are protesting against a provision of the Cybercrime Prevention Act that violates freedom of speech.

World Wildlife Fund February 25, 2014 The official websites of World Wildlife Fund (WWF) and Earth Hour Philippines (wwwf.org.ph and earth our.wwf.org.ph) are hacked and defaced by an Indonesian based hacking group called Gantengers Crew.

Network Information Center of Paraguay February 25, 2014 An Iranian hacker calling himself Mormoroth hacks the systems of the Network Information Center of Paraguay (nic.py), hijacking the DNS entries of Google Paraguay (google.com.py).

Griminal February 24, 2014 • [ hack, technology ] Rapper Griminal's Twitter account is hacked and posts suicidal tweets, worrying his fans.

International Council of E-Commerce Consultants February 23, 2014 • [ hack, education ] The website for EC-Council, an International Council of E-Commerce Consultants, is defacedby a hacker calling himself Eugene Belford. He defaces the site with the passport of Edward Snowden.

Spirol February 22, 2014 • [ hack, sqlinjection, manufacturing ] In February 2014, Connecticut based Spirol Fastening Solutions suffered a data breach that exposed over 70,000 customer records. The attack was allegedly mounted by exploiting a SQL injection vulnerability which yielded data from Spirols CRM system ranging from customers names, companies, contact information and over 55,000 unique email addresses.

Spirol International February 21, 2014 • [ leak, manufacturing ] Yet another attack by @DeleteSec. This time the victim is Spirol International (spirol.com) and as a result over 70,889 of the company's affected credentials are leaked online.

Church of Scotland February 21, 2014 • [ hack ] Yet another attack by @security_511. This time the victim is the Church of Scotland (churchofscotland.org.uk) and the dumps contains 1,570 user credentials.

Mercantile Communications Pvt February 20, 2014 Hackers of the Turkish Ajan group are back and target Mercantile Communications Pvt (mos.com.np), a major Nepali Internet service provider (ISP), leaking the database structure information, and over 100 records containing the names and email addresses of the company's employees.

Energie Steiermark February 20, 2014 • [ hack, energy ] Energie Steiermark, an energy company in Austria's Styria province, put out a notice that they have been hacked.

Namecheap February 20, 2014 • [ hack, ddos, technology ] The Web-hosting service Namecheap is hit with one of the largest distributed-denial-of-service attacks affecting roughly 300 domain names hosted by Namecheap.

United Nations Internet Governance Forum February 20, 2014 The hacker collective @deletesec announces a breach and leak of data from the Internet Governance Forum (intgovforum.org), a United nations based website. The leak contains 3,215 users real names, user names, email addresses and encrypted passwords.

UN Internet Governance Forum February 20, 2014 • [ hack, leak, government ] In February 2014, the Internet Governance Forum (formed by the United Nations for policy dialogue on issues of internet governance) was attacked by hacker collective known as Deletesec. Although tasked with "ensuring the security and stability of the Internet", the IGFs website was still breached and resulted in the leak of 3,200 email addresses, names, usernames and cryptographically stored passwords.

Texas State Technical College February 19, 2014 • [ hack, misconfiguration, education ] Texas State Technical College (tstc.edu) Waco notifies almost 3,000 former students and fewer than 2,000 employees that personal information may have been compromised after an unauthorized party remotely gained access to a server that contained the data.

Recent Breaches