Undisclosed company developing power control solutions
October 16, 2020
•[ ransomware, leak, malware ]
The ThunderX ransomware changes its name to Ranzy Locker and launches a data leak site. The first leaked victim is a company that develops power control solutions.
Bigbasket
October 14, 2020
•[ leak, retail ]
Bigbasket, an Indian online grocery store, has suffered a data breach with the details of over 20 million people being exposed.
bigbasket
October 14, 2020
•[ leak, retail ]
In October 2020, the Indian grocery platform bigbasket suffered a data breach that exposed over 20 million customer records. The data was originally sold before being leaked publicly in April the following year and included email, IP and physical addresses, names, phones numbers, dates of birth passwords stored as Django(SHA-1) hashes.
Intcomex
October 13, 2020
•[ ransomware, leak, malware ]
After a ransomware attack, Intcomex suffers a major data breach, with nearly 1 TB of its users' data leaked. The leaked data includes credit cards, passport and license scans, personal data, payroll, financial documents, customer databases, employee information and more.
Unnamed e-commerece platform
October 13, 2020
•[ financial, hack, leak ]
Indian authorities are searching for a hacker who accessed the confidential data of an e-commerce company and advertised the sale of the information on the dark net. The hacker allegedly demanded money from the owner of the company to take down the list.
Thingiverse
October 13, 2020
•[ leak, misconfiguration, technology ]
In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community. Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models. The data also included usernames, IP addresses, full names and passwords stored as either unsalted SHA-1 or bcrypt hashes. In some cases, physical addresses was also exposed. Thingiverse's owner, MakerBot, is aware of the incident but at the time of writing, is yet to issue a disclosure statement. The data was provided to HIBP by dehashed.com.
Havelsan
October 12, 2020
•[ leak, manufacturing ]
Researchers from the US-based firm Havelsan recently came across a post shared by an unknown threat actor that goes online with the moniker Spectre123, where he has allegedly leaked the sensitive documents Havelsan, a Turkish Military/defence manufacturer.
NATO
October 12, 2020
•[ government, leak ]
Researchers from Cyble discover a post shared by an unknown threat actor that goes online with the moniker Spectre123, where he has allegedly leaked the sensitive documents of NATO.
Hawaii Attorney General's office
October 11, 2020
•[ leak, government ]
The state of Hawaii is investigating a potential breach of data within one of their systems tied to the Attorney General's office. Nearly 150 individuals who applied for a travel exemption through the state Attorney General's website were notified Friday about the potential breach.
Georgia Department of Human Services
October 10, 2020
•[ leak, government ]
The personal and health data of children and adults involved in Child Protective Services cases was exposed after a breach at the Georgia Department of Humans Services.
Docsketch
October 9, 2020
•[ leak, misconfiguration, technology ]
The electronic document-signing service Docsketch says an unauthorized third-party accessed a three-week old copy of its database in early August.
eSewa
October 9, 2020
•[ leak, finance ]
eSewa, a digital wallet in Nepal, suffers a massive data breach, exposing email addresses, phone numbers and passwords and other details of an undetermined number of its users.
Famm
October 8, 2020
•[ leak, misconfiguration, technology ]
In late 2020, the Japanese family photos website Famm suffered a data breach that subsequently exposed 1.3M customer records, including 535k unique email addresses. Impacted data also included names, dates of birth, genders and passwords stored as SHA-256 hashes.
Wisepay
October 7, 2020
•[ financial, leak, hack ]
UK school payment service Wisepay has revealed that the card details of parents who made transactions on its site between October 2 and 5 have been compromised.
Pixlr
October 7, 2020
•[ leak, technology ]
In October 2020, the online photo editing application Pixlr suffered a data breach exposing 1.9 million subscribers. Impacted data included names, email addresses, social media profiles, the country signed up from and passwords stored as SHA-512 hashes. The data was provided to HIBP by dehashed.com.
Foxtons
October 2, 2020
•[ financial, leak, malware ]
Financial details belonging to customers of UK estate agency Foxtons are widely available on the dark web following a malware attack in October last year that affected parent company Foxtons Group.
GeniusU
October 2, 2020
•[ leak, education ]
In November 2020, a collection of data breaches were made public including the "Entrepreneur Success Platform", GeniusU. Dating back to the previous month, the data included 1.3M names, email and IP addresses, genders, links to social media profiles and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Pitkin County
October 1, 2020
•[ leak, misconfiguration, government ]
Pitkin County has disclosed a data sercurity incident where a file was left accessible via the Internet and was subject to unauthorized access.
RedDoorz
September 26, 2020
•[ leak, misconfiguration, technology ]
Singapore-based hospitality start-up RedDoorz acknowledged on Saturday (Sept 26) that one of its IT databases suffered a breach. In November, a threat actor began selling the stolen database.
Microsoft
September 25, 2020
•[ leak, technology ]
The source code for Windows XP SP1 and other versions of the operating system is leaked online.
