Bihar Police Subordinate Services Commission (BPSSC)
January 29, 2021
•[ leak, government ]
Researchers from CloudSEK discover a post on a well-known database sharing forum advertising the PII of 500,000 Indian citizens. An analysis of the data shows that the victims are candidates who took a preliminary exam conducted by the Bihar Police Subordinate Commission.
Ducks Unlimited
January 29, 2021
•[ leak, misconfiguration ]
In mid-2021, Risk Based Security reported on a database sourced from Ducks Unlimited being traded online. The data dated back to January 2021 and contained 1.3M unique email addresses across both a membership list and a list of website users. Impacted data included names, phones numbers, physical addresses, dates of birth and passwords stored as unsalted MD5 hashes.
Bookchor
January 28, 2021
•[ leak, misconfiguration, retail ]
In January 2021, the Indian book trading website Bookchor suffered a data breach that exposed half a million customer records. The exposed data included email and IP addresses, names, genders, dates of birth, phone numbers and passwords stored as unsalted MD5 hashes. The data was subsequently traded on a popular hacking forum.
Washington's State Auditor office
January 25, 2021
•[ leak, misconfiguration, government ]
Washington's State Auditor Office suffers a data breach that exposes the personal information in 1.6 million employment claims after a threat actor exploited a vulnerability in a secure file transfer service from Accellion.
Driveline Retail Merch., Inc.
January 25, 2021
•[ leak, phishing, retail ]
Driveline Retail Merch., Inc. suffered a phishing attack which resulted in the disclosure of current and former employees' sensitive information.
MeetMindful
January 24, 2021
•[ leak, technology ]
The hacking group ShinyHunters has leaked the details of more than 2 million users of dating site MeetMindful.com.
Bonobos
January 22, 2021
•[ leak, misconfiguration, retail ]
Bonobos men's clothing store has suffered a massive data breach exposing millions of customers' personal information after a cloud backup of their database was downloaded by a threat actor.
BuyUcoin
January 21, 2021
•[ leak, finance ]
The ShinyHunters gang has leaked the data of BuyUcoin.
Waste Management Resources
January 21, 2021
•[ leak, healthcare ]
Waste Management Resources suffers a data breach exposing employee healthcare information.
Pixlr
January 20, 2021
•[ leak, phishing, technology ]
A hacker has leaked 1.9 million Pixlr user records containing information that could be used to perform targeted phishing and credential stuffing attacks.
Capital Economics
January 18, 2021
•[ leak, finance ]
During a routine Darkweb monitoring, researchers from Cyble found a leak of 500K+ records of C-level people from Capital Economics on a Russian-speaking forum.
Capital Economics
January 18, 2021
•[ leak, finance ]
Researchers from Cyble discover a leak of 500K+ records of C-level executives from Capital Economics on a Russian-speaking forum.
Dotty's
January 16, 2021
•[ leak ]
Dotty's. which operates 120 gaming venues in Nevada, suffers a data breach compromising the personal information of players in its database.
Oxfam Australia
January 15, 2021
•[ hack, leak ]
Oxfam Australia has confirmed a data breach after suffering a cyberattack and their donor databases put up for sale on a hacker forum in January.
Virgin Mobile Polska
January 15, 2021
•[ leak, misconfiguration, technology ]
Virgin Mobile Polska has had a fine imposed on it for failing to secure user data which led to a data breach.
Daily Quiz
January 13, 2021
•[ leak, misconfiguration, technology ]
In January 2021, the quiz website Daily Quiz suffered a data breach that exposed over 8 million unique email addresses. The data also included usernames, IP addresses and passwords stored in plain text.
Eneco
January 12, 2021
•[ hack, leak, energy ]
Energy supplier Eneco is warning former customers of a possible data breach. The company has established that cyber criminals have managed to gain access to the accounts of 1,700 customers and that personal information may have been stolen.
Bourse des Vols
January 12, 2021
•[ leak, sqlinjection, retail ]
In January 2021, the French travel company Bourse des Vols suffered a data breach that exposed 1.46M unique email addresses across more than 1.2k .sql files and over 9GB of data. The impacted data exposed personal information and travel histories including names, phone numbers, IP and physical addresses, dates of birth along with flights taken and purchases.
Date Hot Brunettes
January 12, 2021
•[ leak, technology ]
In January 2021, the now defunct website Date Hot Brunettes which provided a service to "Date Neglected Women Who Can Keep a Secret", suffered a data breach. The incident exposed 1.5M unique email addresses along with IP addresses, usernames, user-entered bios and MD5 password hashes.
Multifeeder
January 10, 2021
•[ ransomware, leak, malware ]
Lorenz executed exfiltration of data and ransomeware in targeted network. Data presented on dark web "leak site"
