-
PureMatrimony
May 18, 2017
Muslim focused site PureMatrimony.com says it has informed its users of an apparent data breach, and asked them to reset their passwords. 120,000 accounts are compromised.
-
DaFont
May 18, 2017
•
[ hack, technology ]
The popular font sharing site DaFont.com is hacked, exposing the site's entire database of 699,464 user accounts.
-
Equifax
May 18, 2017
Equifax reveals the details of an unauthorized access to customers' employee tax records happened that between April 17, 2016 and March 29, 2017. The list of victims includes including defense contractor giant Northrop Grumman; staffing firm Allegis Group; Saint-Gobain Corp.; Erickson Living; and the University of Louisville.
-
Panic
May 18, 2017
•
[ hack, malware, technology ]
Apple app maker Panic's CEO Steven Frank says he mistakenly downloaded the malware-laced DVD-ripping app HandBrake resulting in some of the company's source code being stolen.
-
University of California Los Angeles
May 18, 2017
•
[ hack, education ]
UCLA reports a cyberattack against a Summer Sessions & International Education Office server that contains personal information provided by students. The attack happened on May 18 and affects potentially up to 32,000 students.
-
US Department of Defense
May 18, 2017
•
[ espionage, malware, government ]
A Times report suggests that Russia may have used Twitter as a tool of international espionage: agents of the Russian government could have sent malware-laced Twitter messages to more than 10,000 employees of the US Department of Defense.
-
Andres Villarreal
May 17, 2017
•
[ espionage, malware, government ]
The Mexican government is suspected of using NSO Group spyware to compromise the personal devices of journalists, lawyers, activists, scientists, politicians, and civil society organizations. One of the victims is Andres Villarreal, a journalist at R'o Doce and a colleague of Javier Valdez. Valdez was killed in May 2017 and was investigating organized crime in the state of Sinaloa.
-
UK Parliament
May 17, 2017
The Telegraph reveals that members of UK Parliament have been deliberately targeted by hackers trying to break into online accounts, earlier this year.
-
Zomato
May 17, 2017
Zomato, the popular restaurant and event listing service, is hacked and 17 million accounts are listed for sale on the dark web. The data on sale includes emails and hashed passwords of Zomato users, but the company said no payment or credit card data was not affected.
-
Zomato
May 17, 2017
•
[ hack, technology ]
In May 2017, the restaurant guide website Zomato was hacked resulting in the exposure of almost 17 million accounts. The data was consequently redistributed online and contains email addresses, usernames and salted MD5 hashes of passwords (the password hash was not present on all accounts). This data was provided to HIBP by whitehat security researcher and data analyst Adam Davies.
-
Bell Canada
May 16, 2017
•
[ hack, technology ]
Bell Canada says that 1.9 million customer account details have been stolen by unknown hackers, although no payment card numbers or passwords have been taken.
-
University of New Mexico Foundation
May 16, 2017
A month after discovering a computer server breach that may have compromised personal information for about 23,000 people, the University of New Mexico Foundation begins sending notification letters about the incident.
-
DaFont
May 16, 2017
•
[ hack, sqlinjection, technology ]
In May 2017, font sharing site DaFont suffered a data breach resulting in the exposure of 637k records. Allegedly due to a SQL injection vulnerability exploited by multiple parties, the exposed data included usernames, email addresses and passwords stored as MD5 without a salt.
-
Docusign
May 15, 2017
DocuSign acknowledges that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems.
-
Unnamed military contractor
May 15, 2017
•
[ espionage, malware, government ]
TrapX reveals to have repelled an attack against an unnamed military contractor carried on by Iranian hackers using a Russian Toolset.
-
Philippine Government
May 15, 2017
Vietnamese threat actor Ocean Lotus has released documents stolen from the Philippine government including a transcript of a phone call between President Duterte and President Trump.
-
Bell (2017 breach)
May 15, 2017
•
[ leak, insider, telecommunications ]
In May 2017, the Bell telecommunications company in Canada suffered a data breach resulting in the exposure of millions of customer records. The data was consequently leaked online with a message from the attacker stating that they were "releasing a significant portion of Bell.ca's data due to the fact that they have failed to cooperate with us" and included a threat to leak more. The impacted data included over 2 million unique email addresses and 153k survey results dating back to 2011 and 2012. There were also 162 Bell employee records with more comprehensive personal data including names, phone numbers and plain text "passcodes". Bell suffered another breach in 2014 which exposed 40k records.
-
West Bengal State Electricity Distribution Company
May 12, 2017
•
[ ransomware, malware, energy ]
A threat actor used a tool called WannaCry to encrypt data in compromised networks, and intended to provide the victims with the decryption key only after a ransom had been paid. The threat actors used an exploit, called EternalBlue--first discovered by the U.S. National Security Agency--to propagate WannaCry in organizations using the Windows operating system.
-
Brooks Brothers
May 12, 2017
•
[ financial, malware, retail ]
U.S. clothing company Brooks Brothers reveals that payment card information of certain customers was compromised at some of its retail locations in the United States and Puerto Rico over 11 months until March.
-
National University of Singapore (NUS)
May 12, 2017
•
[ espionage, education ]
Reports emerge that two Singapore universities suffered APT (advanced persistent threat) attacks last month, with the attackers specifically targeting government and research data.