ClixSense
September 4, 2016
•[ hack, misconfiguration, technology ]
In September 2016, the paid-to-click site ClixSense suffered a data breach which exposed 2.4 million subscriber identities. The breached data was then posted online by the attackers who claimed it was a subset of a larger data breach totalling 6.6 million records. The leaked data was extensive and included names, physical, email and IP addresses, genders and birth dates, account balances and passwords stored as plain text.
Variety
September 3, 2016
•[ hack, misconfiguration, technology ]
Entertainment news site Variety is briefly taken over by the infamous hacker group OurMine. The hacking collective manages to break into Variety's content management system and defaces the site with a post of their own claiming responsibility for the attack.
Twitter
September 3, 2016
•[ hack, misconfiguration, technology ]
A group of hackers dubbed Spain Squad claims to have found a way to seize inactive and suspended Twitter accounts, and sells them on the social network.
Lightspeed
September 2, 2016
•[ hack, technology ]
Point of sales vendor Lightspeed is breached with password, customer data, and API keys possibly exposed, and notifies customers in an email saying that the information was contained in a compromised database.
Armenian National Security Service
September 2, 2016
•[ hack, leak, government ]
Azerbaijani hacktivists from Anti-Armenia Team leak the passport details of foreign visitors to Armenia and more after breaking into Armenian government servers.
Linode
September 2, 2016
•[ hack, ddos, technology ]
Linode reports the first of a series of DoS attacks on September 2nd, September 4th and September 5th. Another round will strike the company on Saturday, September 10th. Some of the attacks lasted up to eight hours.
arg.gov.af
September 1, 2016
•[ hack, government ]
Hacktivist group Ghost Squad Hackers (GSH) defaced 12 websites belonging to the Afghan government.
Last
September 1, 2016
•[ hack, technology ]
More than 43 million of user records from UK-based music streaming service Last.fm surfaced from a hack that occurred in 2012. Each record reportedly contains a username, email address, hashed password and profile data.
Transmission BitTorrent Client
September 1, 2016
•[ hack, malware, technology ]
Developers of the Transmission BitTorrent client admitted that hackers replaced downloads of its file-sharing software with trojanized code. The hack, detected within hours, was designed to spread a Mac OS X backdoor, Kidnap, which steals user credentials.
manaliveinc
August 24, 2016
•[ hack, healthcare ]
The non-profit organization Man Alive is hacked, and a patient database with sensitive personal and treatment information is put up for sale on the dark web.
PPCGeeks
August 19, 2016
•[ hack, sqlinjection, technology ]
In August 2016, the pocket PC fan site forum PPCGeeks suffered a data breach that exposed over 490k records. The breach of the vBulletin forum exposed email and IP addresses, usernames, dates of birth and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "fall1984@protonmail.com".
Epic Games
August 11, 2016
•[ hack, sqlinjection, technology ]
In August 2016, the Epic Games forum suffered a data breach, allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 252k accounts including usernames, email addresses and salted MD5 hashes of passwords.
LinkedIn
August 11, 2016
•[ hack, misconfiguration, technology ]
A new lawsuit reveals that data thieves used a massive botnet against LinkedIn to steal members' personal information via information scraping by fake profiles.
Anderson County
August 10, 2016
•[ hack, government ]
Anderson County government officials and the sheriff's office investigate a possible computer security breach (a "potential system-wide breach" of the main courthouse server) involving 1,800 people.
Unknown Organization
August 9, 2016
•[ hack, ddos, government ]
Millions of Australian citizens hoping to take part in the country's first ever digital census are left frustrated after the website used to complete the survey is taken down by a DDoS attack.
Cross Fire
August 8, 2016
•[ hack, leak ]
In August 2016, the Russian gaming forum known as Cross Fire (or cfire.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 12.8 million accounts including usernames, email addresses and passwords stored as salted MD5 hashes.
Wishbone (2016)
August 7, 2016
•[ hack, social, technology ]
In August 2016, the mobile app to "compare anything" known as Wishbone suffered a data breach. The data contained 9.4 million records with 2.2 million unique email addresses and was allegedly a subset of the complete data set. The exposed data included genders, birthdates, email addresses and phone numbers for an audience predominantly composed of teenagers and young adults.
michaelphelps
August 7, 2016
•[ hack, ddos, technology ]
New World Hackers claim responsibility for taking down the personal website of Michael Phelps.
Alexa Losey Twitter Account
August 6, 2016
•[ hack, misconfiguration, technology ]
The OurMine collective hacks the Twitter account of popular Youtuber Alexa Losey.
GTAOnline
August 4, 2016
•[ hack, ddos, technology ]
And this time the PoodleCorp collective claims to have taken down the GTA (Grand Theft Auto) website.
