Portend Breaches

Directors Guild of Canada January 7, 2014 • [ hack, leak ] A hacker using the handle legionnare aka ObeySec has hacked the directors guild of Canada (dgc.ca) and leaks 2000+ usernames, email addresses and clear text passwords.

openSUSE January 7, 2014 • [ hack, malware, technology ] The well-known Pakistani hacker H4x0r HuSsY hacks the official Forum of OpenSUSE, defacing it and allegedly compromising the account information of 79,500 registered users.

Staysure January 6, 2014 • [ financial, finance ] The travel insurance company Staysure confirms that customer names, addresses and card payment details (including CVV) have been stolen from customers who took out insurance prior to May 2012. The attack was carried out back in October last year, but the company was slow to react to it.

MMMOOO January 6, 2014 • [ hack, technology ] A group of hackers going by the name HitlerSec hack a Chinese mobile application MMMOOO (immmooo.com) and dump 85,753 email addresses and encrypted passwords.

What.cd January 6, 2014 • [ hack, ddos, technology ] Three of the largest private BitTorrent trackers are offline due to prolonged DDoS attacks. The targets are: What.cd, Broadcasthe.net, PassthePopcorn.me.

World of Warcraft January 6, 2014 • [ hack, malware, technology ] World of Warcraft players are hit with a malicious trojan that hijacks accounts. The malware infects systems by posing as an installer of Curse, a legitimate add-on.

Monju Nuclear Power Plant January 6, 2014 • [ leak, energy ] A server administrator discovers that one of the eight computers in the reactor control room of the Monju Nuclear Plant has been accessed over 30 times in the last five days. More than 42,000 e-mails and staff training reports were stored on the computer.

Tajikistan Domain Registrar January 6, 2014 An Iranian hacker called Mr.Xhat hacks the national domain registrar for Tajikistan (domain.tj), and as a consequence, the local primary domains for Google, Yahoo, Twitter, Amazon are redirected to a defaced page.

Alipay January 6, 2014 A former employee of Alipay and two accomplices are in custody, suspected of having sold customers' personal information to e-commerce companies starting in 2010. A total of 20 Gb of data were exfiltrated from the Back-End Systems.

WPT Amateur Poker League January 4, 2014 • [ hack, leak, misconfiguration ] In January 2014, the World Poker Tour (WPT) Amateur Poker League website was hacked by the Twitter user @smitt3nz. The attack resulted in the public disclosure of 175,000 accounts including 148,000 email addresses. The plain text password for each account was also included in the breach.

Financial Services Online January 3, 2014 • [ hack, finance ] A group of Pakistani hackers called Pakiz Cyber Squad hacks Financial Services Online (financialservicesonline.com.au), and dumps 527 affiliate account credentials.

Steam January 3, 2014 The servers for Steam, Origin, Battle.net, League of Legends, and several other gaming platforms are brought down temporarily by apparent DDoS attacks that seem to be related to a swatting attack on an individual known for streaming games.

Malaysian Ministry of Education January 3, 2014 Hackers belonging to a group called Evil Shadow Team deface the website of Malaysia's Ministry of Education (moe.gov.my).

EA January 3, 2014 The servers for Steam, Origin, Battle.net, and League of Legends are brought down temporarily by apparent DDoS attacks that seem to be related to a swatting attack on an individual known for streaming games.

Snapchat January 2, 2014 • [ leak, misconfiguration, technology ] Greyhat hackers publish the partial phone numbers belonging to more than 4.5 million Snapchat users after exploiting a recently disclosed security weakness that officials of the service had described as theoretical.

Skype's Social Media January 1, 2014 The Syrian Electronic Army hacks Skype's Twitter account, Facebook page, and blog with a message against NSA surveillane.

Barry University January 1, 2014 • [ hack, malware, education ] Barry University notifies patients of its Foot and Ankle Institute that their medical records and personal information may have been hacked by a malware found in May.

Snapchat January 1, 2014 In January 2014 just one week after Gibson Security detailed vulnerabilities in the service, Snapchat had 4.6 million usernames and phone number exposed. The attack involved brute force enumeration of a large number of phone numbers against the Snapchat API in what appears to be a response to Snapchat's assertion that such an attack was "theoretical". Consequently, the breach enabled individual usernames (which are often used across other services) to be resolved to phone numbers which users usually wish to keep private.

ThisHabbo Forum January 1, 2014 • [ leak, technology ] In 2014, the ThisHabbo forum (a fan site for Habbo.com, a Finnish social networking site) appeared among a list of compromised sites which has subsequently been removed from the internet. Whilst the actual date of the exploit is not clear, the breached data includes usernames, email addresses, IP addresses and salted hashes of passwords. A further 584k records were added from a more comprehensive breach file provided in October 2016.

ReverbNation January 1, 2014 • [ hack, technology ] In January 2014, the online service for assisting musicians to build their careers ReverbNation suffered a data breach which wasn't identified until September the following year. The breach contained over 7 million accounts with unique email addresses and salted SHA1 passwords.

Recent Breaches