UN Internet Governance Forum
February 20, 2014
•[ hack, leak, government ]
In February 2014, the Internet Governance Forum (formed by the United Nations for policy dialogue on issues of internet governance) was attacked by hacker collective known as Deletesec. Although tasked with "ensuring the security and stability of the Internet", the IGFs website was still breached and resulted in the leak of 3,200 email addresses, names, usernames and cryptographically stored passwords.
Forbes
February 15, 2014
•[ leak, technology ]
In February 2014, the Forbes website succumbed to an attack that leaked over 1 million user accounts. The attack was attributed to the Syrian Electronic Army, allegedly as retribution for a perceived "Hate of Syria". The attack not only leaked user credentials, but also resulted in the posting of fake news stories to forbes.com.
ReadingRockets
February 13, 2014
•[ hack, leak, education ]
DeleteSec hacks ReadingRockets.org and leaks around 5,800 accounts. Leaked credentials contain full names, addresses, contact information, email addresses and clear text passwords.
Presidential Adviser
February 13, 2014
•[ hack, leak, government ]
Again an action in name of Opindependence. This time Anonymous Ukraine hacks the e-mail account of Laurynas Jonavicius (adviser of the President of Lithuania), leaking some emails.
Official website of the President of Nepal
February 8, 2014
•[ hack, leak, sqlinjection ]
Two separate attacks deface the official website of Nepal's Office of the President (presidentofnepal.gov.np). In the first case, the attacker who goes by Dr.3v1l, also leaked some information stolen from the DB. The second attack was carried out by an Indian hacker.
Turkcell
February 4, 2014
•[ leak, hack, technology ]
Hackers of the RedHack group claim to have breached the systems of three major telecoms companies: TTNET, Vodafone and Turkcell. After the attack they leak the details of hundreds of individuals from TTNET and 5,000 Vodafone customers.
Turkcell
January 16, 2014
•[ leak, technology ]
Hackers of the RedHack collective leak the phone numbers of over 4,000 people who work for Turkcell, the leading mobile phone operator of Turkey.
Directors Guild of Canada
January 7, 2014
•[ hack, leak ]
A hacker using the handle legionnare aka ObeySec has hacked the directors guild of Canada (dgc.ca) and leaks 2000+ usernames, email addresses and clear text passwords.
Monju Nuclear Power Plant
January 6, 2014
•[ leak, energy ]
A server administrator discovers that one of the eight computers in the reactor control room of the Monju Nuclear Plant has been accessed over 30 times in the last five days. More than 42,000 e-mails and staff training reports were stored on the computer.
WPT Amateur Poker League
January 4, 2014
•[ hack, leak, misconfiguration ]
In January 2014, the World Poker Tour (WPT) Amateur Poker League website was hacked by the Twitter user @smitt3nz. The attack resulted in the public disclosure of 175,000 accounts including 148,000 email addresses. The plain text password for each account was also included in the breach.
Snapchat
January 2, 2014
•[ leak, misconfiguration, technology ]
Greyhat hackers publish the partial phone numbers belonging to more than 4.5 million Snapchat users after exploiting a recently disclosed security weakness that officials of the service had described as theoretical.
ThisHabbo Forum
January 1, 2014
•[ leak, technology ]
In 2014, the ThisHabbo forum (a fan site for Habbo.com, a Finnish social networking site) appeared among a list of compromised sites which has subsequently been removed from the internet. Whilst the actual date of the exploit is not clear, the breached data includes usernames, email addresses, IP addresses and salted hashes of passwords. A further 584k records were added from a more comprehensive breach file provided in October 2016.
Astropid
December 19, 2013
•[ social, leak, forum ]
In December 2013, the vBulletin forum for the social engineering site known as "AstroPID" was breached and leaked publicly. The site provided tips on fraudulently obtaining goods and services, often by providing a legitimate "PID" or Product Information Description. The breach resulted in nearly 6k user accounts and over 220k private messages between forum members being exposed.
Pixel Federation
December 4, 2013
•[ hack, leak ]
In December 2013, a breach of the web-based game community based in Slovakia exposed over 38,000 accounts which were promptly posted online. The breach included email addresses and unsalted MD5 hashed passwords, many of which were easily converted back to plain text.
Crack Community
September 9, 2013
•[ leak, sqlinjection, technology ]
In late 2013, the Crack Community forum specialising in cracks for games was compromised and over 19k accounts published online. Built on the MyBB forum platform, the compromised data included email addresses, IP addresses and salted MD5 passwords.
Win7Vista Forum
September 3, 2013
•[ hack, leak, technology ]
In September 2013, the Win7Vista Windows forum (since renamed to the "Beyond Windows 9" forum) was hacked and later had its internal database dumped. The dump included over 200k members personal information and other internal data extracted from the forum.
Yatra
September 1, 2013
•[ leak, misconfiguration, technology ]
In September 2013, the Indian bookings website known as Yatra had 5 million records exposed in a data breach. The data contained email and physical addresses, dates of birth and phone numbers along with both PINs and passwords stored in plain text. The site was previously reported as compromised on the Vigilante.pw breached database directory.
Evite
August 11, 2013
•[ leak, misconfiguration, technology ]
In April 2019, the social planning website for managing online invitations Evite identified a data breach of their systems. Upon investigation, they found unauthorised access to a database archive dating back to 2013. The exposed data included a total of 101 million unique email addresses, most belonging to recipients of invitations. Members of the service also had names, phone numbers, physical addresses, dates of birth, genders and passwords stored in plain text exposed. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
