Full List

Search

Search Results (leak)

• RailYatri August 12, 2020 • [ leak, misconfiguration, technology ] One of India's most popular travel booking hubs has suffered a significant data breach that led to the loss of over 43GB of data as a result of a Meow bot attack. Preceding the attack, the affected Elastic search server was left publicly exposed for several days.
• Kariyer August 12, 2020 • [ leak, misconfiguration, technology ] A file containing the information of 50,000 members of Kariyer.net is found on the web by LVKK, the Turkish data protection authority.
• ShockGore August 11, 2020 • [ leak, misconfiguration, technology ] In August 2020, the website for sharing graphic videos and images of gore and animal cruelty suffered a data breach. The breach exposed 74k unique email addresses alongside usernames, IP addresses, genders and unsalted SHA-1 password hashes. Private messages were also exposed, many containing requests for material of a depraved nature. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
• UK trade minister Liam Fox August 5, 2020 • [ hack, leak, government ] The hack of Trade Minister Liam Fox's email account led to the leak of US-UK trade documents.
• Aberdeen Hospital August 4, 2020 • [ leak, healthcare ] Aberdeen Hospital suffers from a data breach as result of a breach at Nova Scotia Health.
• Valley Regional Hospital August 4, 2020 • [ leak, healthcare ] Valley Regional Hospital suffers from a data breach as result of a breach at Nova Scotia Health.
• Regis August 3, 2020 • [ leak, healthcare ] Aged care operator Regis has been hit by a cyber attack. The incident led to data loss, but does not seem to have disrupted its services.
• Scentbird July 30, 2020 • [ leak ] Scentbird discloses a security breach after ShinyHunters leak their database.
• Lazada RedMart July 30, 2020 • [ leak, misconfiguration, retail ] In October 2020, news broke of Lazada RedMart data breach containing records as recent as July 2020 and being sold via an online marketplace. In all, the data contained 1.1 million customer email addresses alongside names, phone numbers, physical addresses, partial credit card numbers and passwords stored as SHA-1 hashes.
• New York state's Metropolitan Transport Authority July 28, 2020 • [ leak, misconfiguration, government ] The New York Metropolitan Authority blames Google algorithm for adding porn titles to train station search results.
• Promo July 27, 2020 • [ leak, technology ] Promo.com, an Israeli-based marketing video creation site, discloses a data breach after a database containing 22 million user records is leaked for free on a hacker forum.
• Dave July 26, 2020 • [ leak, misconfiguration, finance ] Loan app Dave.com has 7.5 million records leaked, blaming the breach to the OAuth tokens stolen by the attackers from Waydev.
• Instacart July 23, 2020 • [ leak, brute-force, retail ] Online shopping service Instacart says reused passwords are to blame for a recent spate of account breaches, which saw personal data belonging to hundreds of thousands of Instacart customers stolen and put up for sale on the dark web.
• Sheffield Hallam University July 16, 2020 • [ leak, misconfiguration, education ] The Sheffield Hallam University confirms that it is dealing with a data breach linked to the software provider Blackbaud.
• Citrix third-party July 15, 2020 • [ leak, misconfiguration, technology ] An actor sells what they claim to be a database with information on 2,000,000 Citrix customers on the dark web. An official statement by the company reveals that the database has been obtained from a third-party.
• Wattpad July 14, 2020 • [ leak, technology ] An allegedly stolen Wattpad database containing 270 million records is being sold in private sales for over $100,000 and offered for free on hacker forums.
• WiziShop July 14, 2020 • [ leak, retail ] In July 2020, the French e-commerce platform WiziShop suffered a data breach. The breach exposed 18GB worth of data including names, phone numbers, dates of birth, physical and IP addresses, SHA-1 password hashes and almost 3 million unique email addresses. The data was provided to HIBP by a source who requested it be attributed to "pom@pompur.in".
• Alfanar July 10, 2020 • [ leak, ransomware ] Researchers from Cyble discover internal data from Alfanar leaked from the Netwalker ransomware operators.
• Impact Guru July 8, 2020 • [ leak, finance ] Researchers from Cyble identify a threat actor claiming to be in possession of more than 500,000 confidential data records of Impact Guru, a crowdfunding platform.
• eToro July 6, 2020 • [ leak, finance ] Using the alias "Sheriff," a threat actor advertises an auction for 62,000 accounts belonging to users of the eToro social trading platform.