Portend Breaches

K Box September 19, 2014 • [ hack, leak ] A Singapore-based karaoke chain, K Box, has members' personal information compromised earlier this week when the hacker group The Knowns' posted the data online. Up to 317,000 members' details could have been.

General Inspectorate of Romanian Police September 19, 2014 • [ hack, government ] Anonymous Romania defaces the home page of the General Inspectorate of Romanian Police (politiaromana.ro).

The Times of Israel September 18, 2014 Visitors of two well-known English-language news websites based in Israel (The Times of Israel and The Jerusalem Post) could have had their computers infected with malware after cybercriminals managed to hijack the digital ads being served on the site.

C&K Systems September 17, 2014 C&K Systems admits that they had suffered a breach of point-of-sale systems tied to their Hosted Managed Services Environment. The incident is behind the credit card breach affecting Goodwill Industries and two other unnamed outsourced companies.

Unnamed oil and gas company September 17, 2014 • [ hack, malware, energy ] Researchers from Bromium are alerted of a watering-hole attack originating from the website of a high-profile technology startup in the oil and gas sector.

RT September 17, 2014 • [ hack, ddos, technology ] RT.com is hit with the most powerful DDoS attack in the website's history, which reached 10 Gbps in strength.

Galilee Development Authority September 17, 2014 • [ hack, government ] In name of OPSaveGaza, AnonGhost defaces the official website of Galilee Development Authority (galil.gov.il) which is directly under the Israeli ministry of Rural Development Authority.

healer September 17, 2014 • [ hack, leak ] @smitt3nz hacks healers.co.uk and dumps over 7,000 username and clear text passwords.

Politica Estadao September 15, 2014 • [ hack, malware ] Sucuri reveals that a popular Brazilian newspaper, Politica Estadao, is hacked by attackers with a code able to attack readers' home routers.

City of Clarkston, GA September 15, 2014 • [ hack, misconfiguration, government ] Iranian hackers from Ashiyane Digital Security Team deface the official website of United States government City of Clarkston, Georgia (clarkstonga.gov).

Freenode September 15, 2014 • [ hack, technology ] Popular IRC network Freenode suffers a security breach and asks users to change their passwords, as they might have been compromised.

Jimmy John's September 14, 2014 • [ financial, malware, retail ] Signature Systems Inc., the point-of-sale vendor blamed for a credit and debit card breach involving 216 Jimmy John's sandwich shop locations, says the breach also may have jeopardized customer card numbers at nearly 100 other independent restaurants.

Vodafone Egypt September 13, 2014 • [ hack, technology ] A hacker going with the handle of Ali El Top defaces two official sub-domains of Vodafone Egypt.

George Mason University September 12, 2014 • [ hack, malware, education ] George Mason University reveals to have detected a malware intrusion into its travel booking system on July 16. No personal information is thought to have been viewed, but the incident could have affected up to 4,400 users.

Steam September 12, 2014 Many users of Steam, Valve's online gaming platform, complain about game items stolen. The culprit appears to be a new piece of malware. A variant is also found on Twitch, the Amazon-owned gaming video platform.

Central Utah Clinic September 11, 2014 • [ hack, healthcare ] More than 30,000 patients of the Central Utah Clinic in Provo, Utah might have had their personal health information viewed by an unauthorized intruder who broke into one of the clinic's servers.

Tout September 11, 2014 • [ leak, technology ] In approximately September 2014, the now defunct social networking service Tout suffered a data breach. The breach subsequently appeared years later and included 653k unique email addresses, names, IP addresses, the location of the user, their bio and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it to be attributed to "nmapthis@protonmail.com".

We End Violence September 10, 2014 • [ hack, misconfiguration, education ] California-based violence prevention education organization We End Violence discovers a potential intrusion into its Agent of Change application server that could have exposed personal information, and, so far, 79,000 California State University students have been impacted.

mail.ru Dump September 10, 2014 In September 2014, several large dumps of user accounts appeared on the Russian Bitcoin Security Forum including one with nearly 5M email addresses and passwords, predominantly on the mail.ru domain. Whilst unlikely to be the result of a direct attack against mail.ru, the credentials were confirmed by many as legitimate for other services they had subscribed to. Further data allegedly valid for mail.ru and containing email addresses and plain text passwords was added in January 2018 bringing to total to more than 16M records. The incident was also then flagged as "unverified", a concept that was introduced after the initial data load in 2014.

EA Firemonkeys September 9, 2014 • [ hack, technology ] EA confirms that its Australian studio EA Firemonkeys was hacked in September last year and that "a small number of customer email addresses were potentially obtained".

Recent Breaches