-
Transmission BitTorrent Client
September 1, 2016
•
[ hack, malware, technology ]
Developers of the Transmission BitTorrent client admitted that hackers replaced downloads of its file-sharing software with trojanized code. The hack, detected within hours, was designed to spread a Mac OS X backdoor, Kidnap, which steals user credentials.
-
exilemod
September 1, 2016
A group of hackers going by the online handle of "Expl.oit" or "Exploit" hack the official website of Exile Mod gaming forum and leak the personal details of 11,902 registered users.
-
University of New Mexico
September 1, 2016
Over 1,000 former students and employees of UNM have their identity stolen from a University database. After a month of silence, UNM establishes a call center to assist victims of the incident.
-
NetProspex
September 1, 2016
•
[ leak, misconfiguration, technology ]
In 2016, a list of over 33 million individuals in corporate America sourced from Dun & Bradstreet's NetProspex service was leaked online. D&B believe the targeted marketing data was lost by a customer who purchased it from them. It contained extensive personal and corporate information including names, email addresses, job titles and general information about the employer.
-
Unknown Organization
August 31, 2016
•
[ leak, healthcare ]
The Al Zahra Private Medical Centre is hacked by an individual calling himself websites-hunter, who dumps the database online.
-
MDPI
August 30, 2016
•
[ leak, misconfiguration, education ]
In August 2016, the Swiss scholarly open access publisher known as MDPI had 17.5GB of data obtained from an unprotected Mongo DB instance. The data contained email exchanges between MDPI and their authors and reviewers which included 845k unique email addresses. MDPI have confirmed that the system has since been protected and that no data of a sensitive nature was impacted. As such, they concluded that notification to their subscribers was not necessary due to the fact that all their authors and reviewers are available online on their website.
-
manaliveinc
August 24, 2016
•
[ hack, healthcare ]
The non-profit organization Man Alive is hacked, and a patient database with sensitive personal and treatment information is put up for sale on the dark web.
-
Baystate Health
August 22, 2016
•
[ social, phishing, healthcare ]
Baystate Health reveals that about 13,000 patients may have had some of their personal information compromised, due to a "phishing" e-mail that was received by some staff members.
-
National Institute of Health
August 21, 2016
In name of #OpSafePharma, the Italian hacktivists hack four healthcare organizations and leak data from two. The hackers attacked the MEDUSA public portal of the National Institute of Health, the Azienda Ospedaliera Santa Maria clinic, the clinic of the University of Naples Federico II, and the ASL TO2 state clinic in Torino.
-
PPCGeeks
August 19, 2016
•
[ hack, sqlinjection, technology ]
In August 2016, the pocket PC fan site forum PPCGeeks suffered a data breach that exposed over 490k records. The breach of the vBulletin forum exposed email and IP addresses, usernames, dates of birth and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "fall1984@protonmail.com".
-
Sage Software
August 17, 2016
•
[ insider, misconfiguration, technology ]
A data breach at Sage Software may have compromised personal information for employees at 280 UK businesses. The breach was caused by "unauthorised access" by someone using an "internal" company computer login. The alleged author of the attack, a 32 year-old Sage employee was arrested at Heathrow airport.
-
The Equation Group
August 16, 2016
•
[ leak, government ]
An anonymous group calling itself Shadow Brokers publishes what it claims are sophisticated software tools belonging to an elite team of hackers tied to the US National Security Agency known as "The Equation Group".
-
HEI Hotels & Resorts
August 15, 2016
•
[ financial, malware ]
HEI Hotels & Resorts, the chain that owns Starwood, Marriott, Hyatt, and Intercontinental hotels, reveals that the payment systems for 20 of its locations has been infected with malware that may have been able to steal tens of thousands of credit card numbers.
-
GeekedIn
August 15, 2016
•
[ leak, misconfiguration, technology ]
In August 2016, the technology recruitment site GeekedIn left a MongoDB database exposed and over 8M records were extracted by an unknown third party. The breached data was originally scraped from GitHub in violation of their terms of use and contained information exposed in public profiles, including over 1 million members' email addresses. Full details on the incident (including how impacted members can see their leaked data) are covered in the blog post on 8 million GitHub profiles were leaked from GeekedIn's MongoDB - here's how to see yours.
-
Yulia Stepanova's WADA Account
August 13, 2016
The World Anti-Doping Agency (WADA) confirms that hackers appear to have accessed the online account of Russian athletics doping whistleblower Yulia Stepanova.
-
World Anti-Doping Agency
August 12, 2016
A collective associated with the Polish branch of the Anonymous hacks the servers of the World Anti-Doping Agency and Court of Arbitration for Sport (tas-cas.org) and dumps a 412MB file which contains 3,121 unique email accounts along with their passwords.
-
Democratic Congressional Campaign Committee
August 12, 2016
•
[ leak, government ]
Guccifer 2.0 leaks a fresh batch of documents, memos and passwords, this time from the Democratic Congressional Campaign Committee (DCCC). They include a spreadsheet of congressional contacts' phone numbers and email addresses, internal memos and what purports to be documents stolen from the computer of Nancy Pelosi.
-
LinkedIn
August 11, 2016
•
[ hack, misconfiguration, technology ]
A new lawsuit reveals that data thieves used a massive botnet against LinkedIn to steal members' personal information via information scraping by fake profiles.
-
PAR Technology
August 11, 2016
•
[ financial, malware, technology ]
Forbes reveals that the Carbanak Gang also breached 5 more cash registers providers.
-
swimming
August 11, 2016
Swimming.org.au, the Swimming Australia's website is hit by a DDoS attack in the wake of Olympic gold medallist Mack Horton's comments about his Chinese competitor Sun Yang being a drug cheat.