Creative
May 1, 2018
•[ hack, misconfiguration, technology ]
In May 2018, the forum for Singaporean hardware company Creative Technology suffered a data breach which resulted in the disclosure of 483k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes. After being notified of the incident, Creative permanently shut down the forum.
Chegg
April 28, 2018
•[ hack, misconfiguration, education ]
In April 2018, the textbook rental service Chegg suffered a data breach that impacted 40 million subscribers. The exposed data included email addresses, usernames, names and passwords stored as unsalted MD5 hashes. A small number of records also contained physical address or phone number. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Highway Sign in Arizona
April 27, 2018
•[ hack, misconfiguration, government ]
Someone hacks a highway sign in Arizona and defaces it with 'Hail Hitler' text.
Zippy's Restaurants
April 27, 2018
•[ hack, malware, retail ]
The Hawaii-based Zippy's Restaurants reports that its point-of-sale system at 25 of its locations have been compromised exposing customer data from November 23, 2017, to March 29, 2018.
Billings Clinic
April 27, 2018
•[ hack, misconfiguration, healthcare ]
Billings Clinic notifies 949 patients of a breach affecting its email security system causing an unknown individual to access patients' information back in February.
City of Bologna
April 27, 2018
•[ hack, government ]
The website of the City of Bologna is defaced by AnonPlus.
Scenic Bluffs Community Health Centers
April 27, 2018
•[ hack, phishing, healthcare ]
Scenic Bluffs Community Health Centers notifies 2,889 patients of a potential breach of personal patient information after discovering March 1, 2018, that one staff email account had been hacked on Feb. 28, 2018, by an unauthorized party.
Sen. Richard Pan
April 26, 2018
•[ financial, hack, government ]
Sen. Richard Pan, D-Sacramento, claims that thieves hacked his email account and stole $46,000 from his re-election campaign in a "sophisticated" scheme earlier this year.
Americas Cardroom
April 24, 2018
•[ hack, ddos ]
Poker tournaments are disrupted after a spite of DDoS attacks on Americas Cardroom.
MyEtherWallet
April 24, 2018
•[ hack, financial, misconfiguration ]
A hacker (or group of hackers) hijacks the Amazon DNS servers of MyEtherWallet.com, a web-based Ether wallet service. Users accessing the site are redirected to a fake version of the website. Those who logged in had their wallet private keys stolen, which the attacker used to empty accounts.
Red Bull
April 22, 2018
•[ hack, misconfiguration, manufacturing ]
The Red Bull website is defaced twice in few hours, probably exploiting the Drupalgeddon 2 vulnerability.
ilgiornale
April 22, 2018
•[ hack, technology ]
Hackers from AnonPlus deface ilgiornale.it, one of the main newspapers in Italy, with a fake news about Mr. Silvio Berlusconi in jail.
Questar
April 18, 2018
•[ hack, education ]
Annual tests in several states are delayed by what appears to be a suspected hack to Questar, a K12 assessment solutions provider.
Sangamo Therapeutics
April 18, 2018
•[ hack, phishing, healthcare ]
Sangamo Therapeutics announces a data security incident involving compromise of a senior executive's company email account.
African Embassy in Dublin
April 16, 2018
•[ hack, government ]
Researchers from Lastline reveal that an African ambassador in Dublin was compromised by cyber criminals with hackers gaining access to entire nation's digital data.
TaskRabbit
April 16, 2018
•[ hack, technology ]
TaskRabbit, a web-based service owned by IKEA that connects freelance handymen with clients in various local US markets, emails customers admitting it suffered a security breach. The company takes down its app and website while investigating the incident.
Texas Health Resources
April 14, 2018
•[ hack, phishing, healthcare ]
Texas Health Resources reveals that an unauthorized party may have gained access to patient information back in October 2017 by compromising some of the organization's email accounts. The breach was discovered in January 4,000 and might impact 4,000 users.
Sucuri
April 12, 2018
•[ hack, ddos, technology ]
The California based website security provider Sucuri suffers a series of massive DDoS attacks causing service outage in West Europe, South America and parts of Eastern United States.
Great Western Railway
April 11, 2018
•[ hack ]
Great Western Railway reset more than a million customer accounts after discovering hackers had successfully breached a small percentage of them. According to the operator, about 1,000 of its passengers' details have been exposed.
