Portend Breaches

Noble House Hotels and Resorts October 14, 2016 Noble House Hotels and Resorts notifies guests of payment card breaches at Teton Mountain Lodge & Spa and Hotel Terra. The breached happened on September 5 and September 6.

Modern Business Systems (MBS) October 13, 2016 • [ leak, technology ] Over 58 million customer records are stolen and leaked online. Data includes names, email and postal addresses, phone numbers, IP addresses and more.

Potter County October 13, 2016 • [ hack, government ] Potter County officials assure users that their voter information website is safe after learning that hackers gained access to it.

Vera Bradley October 13, 2016 • [ hack, malware, retail ] American high-end fashion retailer Vera Bradley has revealed that hackers may have accessed customers' card data from payment processing systems at its retail stores this summer.

John Podesta's Twitter Account October 13, 2016 Clinton campaign chairman John Podesta's Twitter account is hacked and sends out a pro-Trump tweet. Several screenshots also suggest that his phone could have been hacked.

Exploit.In October 13, 2016 In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I Been Pwned.

Blockchain October 12, 2016 The DNS server records for blockchain.info and blockchain.com are hijacked.

Roman Dobrokhotov October 12, 2016 Several Russian activists and independent journalists have reportedly received warnings notifying them that "government-backed" hackers may be attempting to illegally access their email inboxes.

SWIFT October 12, 2016 • [ financial, hack, malware ] Symantec reveals that a second group of hackers are attempting to rob banks by targeting SWIFT users deploying the same methods that led to the Bangladesh Bank hacking heist. The tools used are linked to the Odinaff group, which since the beginning of the year, has targeted financial institutions worldwide.

Unnamed German nuclear power plant October 10, 2016 • [ hack, energy ] According to the International Atomic Energy Agency (IAEA) Director Yukiya Amano, a nuclear power plant became the target of a disruptive cyber attack two to three years ago.

University of Toyama's Hydrogen Isotope Research Center October 10, 2016 Research data and personal information may have been stolen from a personal computer belonging to a researcher of Tritium, at the University of Toyama's Hydrogen Isotope Research Center. Attackers stole data in three batches: December 2015, March 2016 and June 2016.

GFAN October 10, 2016 In October 2016, data surfaced that was allegedly obtained from the Chinese website known as GFAN and contained 22.5M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email and IP addresses, user names and salted and hashed passwords. Read more about Chinese data breaches in Have I Been Pwned.

Modern Business Solutions October 8, 2016 • [ leak, misconfiguration, technology ] In October 2016, a large Mongo DB file containing tens of millions of accounts was shared publicly on Twitter (the file has since been removed). The database contained over 58M unique email addresses along with IP addresses, names, home addresses, genders, job titles, dates of birth and phone numbers. The data was subsequently attributed to "Modern Business Solutions", a company that provides data storage and database hosting solutions. They've yet to acknowledge the incident or explain how they came to be in possession of the data.

Pont3 October 6, 2016 • [ leak, misconfiguration, retail ] Pont3, an Australian event organizer, reveals that an unauthorized party had gained access to its mailing list account and downloaded data about individuals that subscribed to various events organized by the company in the past.

The Clinton Foundation October 6, 2016 • [ hack, phishing, healthcare ] The Clinton Foundation warns donors about targeted hacking attempts to steal their personal information.

BuzzFeed October 5, 2016 • [ hack, technology ] OurMine hackers take control of BuzzFeed's website and alter multiple stories published on its site.

store October 4, 2016 Suspected Russian hackers are believed to have been skimming credit card information of Republican donors for the past six months. The NRSC is among more than 5,900 e-commerce sites victims of the same attack.

Spotify October 4, 2016 • [ hack, malware, technology ] Multiple users report that popular music-streaming service Spotify serves malware-laden ads.

The Clinton Foundation October 4, 2016 • [ hack, government ] Guccifer 2.0 posts what the hacker claims are files stolen from the Clinton Foundation, but the foundation says the assertions are not true.

w0rm October 2, 2016 In what is defined a "hacker drama", Peace, of the most known BlackHats defaces the forum of w0rm, another well known blackhat.

Recent Breaches