Tracki
August 15, 2024
•[ leak, misconfiguration, technology ]
In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the GPS tracking service Tracki. Multiple vulnerabilities exposed the personal records of 372k users of the service including names and email addresses.
Welhof
August 14, 2024
•[ leak, retail ]
In August 2024, the Dutch appliance store Welhof suffered a data breach. The incident exposed over 100k unique email addresses along with names, physical addresses and the value of purchases made. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Star Health and Allied Insurance
August 13, 2024
•[ leak, misconfiguration, finance ]
Stolen customer data including medical reports from India's biggest health insurer, Star Health, is publicly accessible via chatbots on Telegram
CreditRiskMonitor
August 7, 2024
•[ leak, finance ]
CreditRiskMonitor, a provider of intelligence and analytics for credit and supply chain professionals, discloses a data breach impacting employees and contractors.
Avis
August 3, 2024
•[ leak, automotive ]
American car rental giant Avis notifies over 299,000 customers that unknown attackers breached one of its business applications last month and stole some of their personal information.
Not SOCRadar
August 3, 2024
•[ leak, misconfiguration, technology ]
In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's standard offerings, designed to gather information from publicly available sources". There is no suggestion the incident compromised SOCRadar's security or posed any risk to their customers. In total, the data set contained 282M unique addresses of valid email address format.
Truffaut
August 1, 2024
•[ leak, retail ]
Truffaut, another retailer in France also suffers a breach impacting around 277,000 records.
Fresnillo PLC
July 30, 2024
•[ hack, leak, manufacturing ]
Fresnillo PLC, the world's largest silver producer and a top global producer of gold, copper, and zinc, said attackers gained access to data stored on its systems during a recent cyberattack.
Community Care Alliance
July 29, 2024
•[ ransomware, leak, malware ]
Community Care Alliance is listed in the Rhysida ransomware leak site.
Delhi Hospital
July 29, 2024
•[ ransomware, leak, malware ]
Delhi Hospital (also known as Richard Parish Hospital) in Louisiana is added to the RADAR and DISPOSSESSORs (R&D) ransomware leak site.
Ubook
July 28, 2024
•[ leak, misconfiguration, technology ]
In July 2024, 700k unique email addresses from the audiobook platform Ubook were posted to a popular hacking forum. Allegedly scraped from the service, the data appears to be sourced from the Ubook Exchange (UBX) and also includes names, genders, dates of birth and links to profile photos.
Israeli Olympic athletes
July 26, 2024
•[ leak ]
The sensitive data of several Israeli athletes in the Paris Olympic Games is published on Telegram in an alleged doxing attack by a group calling itself "Zeus".
Avanpost
July 26, 2024
•[ hack, leak, technology ]
A pro-Ukrainian hacker group, known as Cyber Anarchy Squad, claims it hacked the Russian information security firm Avanpost and leaked 390 gigabytes of its data, destroyed over 60 terabytes, and disrupted over 400 virtual machines and physical workstations.
Team Software
July 26, 2024
•[ leak, technology ]
Business software maker Team Software (WorkWave) revealed this week that a recent data breach impacts nearly 100,000 individuals.
Schneider Regional Medical Center
July 21, 2024
•[ ransomware, leak, malware ]
Schneider Regional Medical Center in the Virgin Islands is added to Qilins ransomware leak site.
Stealer Logs Posted to Telegram
July 18, 2024
•[ leak, malware ]
In July 2024, info stealer logs with 26M unique email addresses were collated from malicious Telegram channels. The data contained 22GB of logs consisting of email addresses, passwords and the websites they were used on, all obtained by malware running on infected machines.
AT&T
July 12, 2024
•[ leak, misconfiguration, technology ]
AT&T warns of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company's Snowflake account.
Lulu Hypermarket
July 10, 2024
•[ leak, retail ]
Lulu Hypermarket experiences a data breach, exposing over 200,000 customer records. The attack, claimed by IntelBroker, includes personal details such as email addresses and phone numbers. The full database, allegedly containing millions of user and order details, might be leaked in the future.
Undisclosed app
July 7, 2024
•[ leak, misconfiguration, retail ]
E-commerce platform Shopify denies it suffered a data breach after a threat actor with the moniker of 888 begins selling customer data they claim was stolen from the company's network. According to Shopify, the data loss reported was caused by a third-party app.
MSI
July 7, 2024
•[ leak, misconfiguration, technology ]
In July 2024, MSI inadvertently exposed hundreds of thousands of customer records related to RMA claims that were subsequently found to be publicly accessible. The data included 250k unique email addresses alongside names, phone numbers, physical addresses and warranty claims. When contacted about the incident, MSI advised that "there is no evidence the information was ever accessed" and that "the security incident we had did not trigger state data breach notification obligations" due to the absence of "(social security number, driver's license number.etc)".
