-
Unknown Organization
September 7, 2016
•
[ hack, ddos, government ]
Servers belonging to the Project on Crowdsourced Imagery Analysis (PCIA), hosting data about nuclear tests, have been the subject of DDoS attacks just two days before North Korea's most recent nuclear tests.
-
eThekwini Municipality
September 7, 2016
In September 2016, the new eThekwini eServices website in South Africa was launched with a number of security holes that lead to the leak of over 98k residents' personal information and utility bills across 82k unique email addresses. Emails were sent prior to launch containing passwords in plain text and the site allowed anyone to download utility bills without sufficient authentication. Various methods of customer data enumeration was possible and phishing attacks began appearing the day after launch.
-
Rambler
September 6, 2016
Nearly 100 million usernames and passwords from the Russian internet giant Rambler surface online in the latest in a long line of hacks that first occurred back in 2012.
-
San Francisco Exploratorium Museum
September 6, 2016
•
[ social, phishing, education ]
The San Francisco Exploratorium Museum admits to have fallen victim to a Spear Phishing Attack.
-
University of Alaska
September 6, 2016
University of Alaska officials announces that an attacker using employee credentials may have accessed student information of approximately 5,400 individuals.
-
Real Estate Mogul
September 6, 2016
•
[ hack, misconfiguration, finance ]
In September 2016, the real estate investment site Real Estate Mogul had a Mongo DB instance compromised and 5GB of data downloaded by an unauthorised party. The data contained real estate listings including addresses and the names, phone numbers and 308k unique email addresses of the sellers. Real Estate Mogul was advised of the incident in September 2018 and stated that they "found no instance of user account credentials like usernames and passwords nor billing information within this file".
-
uuu9
September 6, 2016
•
[ leak, technology ]
In September 2016, data was allegedly obtained from the Chinese website known as uuu9.com and contained 7.5M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and user names. Read more about Chinese data breaches in Have I Been Pwned.
-
Brazzers
September 5, 2016
•
[ leak, misconfiguration, technology ]
Nearly 800,000 accounts for popular porn site Brazzers have been exposed in a data breach.
-
Digimon
September 5, 2016
•
[ leak, misconfiguration, technology ]
In September 2016, over 16GB of logs from a service indicated to be digimon.co.in were obtained, most likely from an unprotected Mongo DB instance. The service ceased running shortly afterwards and no information remains about the precise nature of it. Based on enquiries made via Twitter, it appears to have been a mail service possibly based on PowerMTA and used for delivering spam. The logs contained information including 7.7M unique email recipients (names and addresses), mail server IP addresses, email subjects and tracking information including mail opens and clicks.
-
ClixSense
September 4, 2016
•
[ hack, misconfiguration, technology ]
In September 2016, the paid-to-click site ClixSense suffered a data breach which exposed 2.4 million subscriber identities. The breached data was then posted online by the attackers who claimed it was a subset of a larger data breach totalling 6.6 million records. The leaked data was extensive and included names, physical, email and IP addresses, genders and birth dates, account balances and passwords stored as plain text.
-
NemoWeb
September 4, 2016
•
[ leak, misconfiguration, technology ]
In September 2016, almost 21GB of data from the French website used for "standardised and decentralized means of exchange for publishing newsgroup articles" NemoWeb was leaked from what appears to have been an unprotected Mongo DB. The data consisted of a large volume of emails sent to the service and included almost 3.5M unique addresses, albeit many of them auto-generated. Multiple attempts were made to contact the operators of NemoWeb but no response was received.
-
Variety
September 3, 2016
•
[ hack, misconfiguration, technology ]
Entertainment news site Variety is briefly taken over by the infamous hacker group OurMine. The hacking collective manages to break into Variety's content management system and defaces the site with a post of their own claiming responsibility for the attack.
-
Twitter
September 3, 2016
•
[ hack, misconfiguration, technology ]
A group of hackers dubbed Spain Squad claims to have found a way to seize inactive and suspended Twitter accounts, and sells them on the social network.
-
Ukrainian alleged pro-Russian Journalists
September 3, 2016
Myrotvorets, a group of Ukrainian nationalist hackers, leaks the personal details of local journalists they consider pro-Russian for the second time in four months.
-
Lightspeed
September 2, 2016
•
[ hack, technology ]
Point of sales vendor Lightspeed is breached with password, customer data, and API keys possibly exposed, and notifies customers in an email saying that the information was contained in a compromised database.
-
Armenian National Security Service
September 2, 2016
•
[ hack, leak, government ]
Azerbaijani hacktivists from Anti-Armenia Team leak the passport details of foreign visitors to Armenia and more after breaking into Armenian government servers.
-
Linode
September 2, 2016
•
[ hack, ddos, technology ]
Linode reports the first of a series of DoS attacks on September 2nd, September 4th and September 5th. Another round will strike the company on Saturday, September 10th. Some of the attacks lasted up to eight hours.
-
2 Hong Kong government agencies
September 1, 2016
•
[ espionage, government ]
Security company FireEye reveals that two Hong Kong government agencies have come under attack from cyberspies originating in China in the month leading up to Sunday's legislative elections.
-
arg.gov.af
September 1, 2016
•
[ hack, government ]
Hacktivist group Ghost Squad Hackers (GSH) defaced 12 websites belonging to the Afghan government.
-
Last
September 1, 2016
•
[ hack, technology ]
More than 43 million of user records from UK-based music streaming service Last.fm surfaced from a hack that occurred in 2012. Each record reportedly contains a username, email address, hashed password and profile data.