BtoBet
December 26, 2019
•[ leak, misconfiguration, technology ]
In December 2019, a large collection of data from Nigerian gambling company Surebet247 was sent to HIBP. Alongside the Surebet247, database backups from gambling sites BetAlfa, BetWay, BongoBongo and TopBet was also included. Further investigation implicated betting platform provider BtoBet as being the common source of the data. Impacted data included user records and extensive information on gambling histories.
Avvo
December 17, 2019
•[ leak, misconfiguration, technology ]
In approximately December 2019, an alleged data breach of the lawyer directory service Avvo was published to an online hacking forum and used in an extortion scam (it's possible the exposure dates back earlier than that). The data contained 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords. Multiple attempts at contacting Avvo over the course of a week were unsuccessful and the authenticity of the data was eventually verified with common Avvo and HIBP subscribers.
GameSprite
December 17, 2019
•[ leak, technology ]
In December 2019, the now defunct gaming platform GameSprite suffered a data breach that exposed over 6M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes.
SoarGames
December 16, 2019
•[ leak, misconfiguration, technology ]
In December 2019, the now defunct gaming website SoarGames suffered a data breach that exposed 4.8M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes. A significant number of the email addresses appeared to have been generated as opposed to organically provided by the user.
JoyGames
December 14, 2019
•[ leak, technology ]
In December 2019, the forum for the JoyGames website suffered a data breach that exposed 4.5M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes.
Iran
December 10, 2019
•[ leak, government ]
The private details of 15 million debit cards in Iran are published on Telegram. Cyber security experts suspect it was the work of intelligence agencies from the U.S. or Israel.
WebSAMS
December 6, 2019
•[ hack, leak, education ]
Hackers break into WebSAMS (web-based school administrative and management system), a government system used by most of Hong Kong's schools, as a consequence eight schools are breached, with three of them reporting data leaks.
Mixcloud
November 29, 2019
•[ leak, technology ]
A data breach at Mixcloud, a U.K.-based audio streaming platform, leaves more than 20 million user accounts exposed after the data is put on sale on the dark web.
Twitter account of Arron Banks, the founder of the pro-Brexit campaign Leave.EU
November 19, 2019
•[ hack, leak, government ]
The Twitter account of Arron Banks, the founder of the pro-Brexit campaign Leave.EU, is hacked. The attackers leak thousands of his private messages.
Select Health Network
November 13, 2019
•[ leak, phishing, healthcare ]
Select Health Network reveals compromise of employee email accounts that may impact an unspecified number of patients.
Unknown Organization
November 11, 2019
•[ leak, technology ]
ZoneAlarm suffers a data breach that exposes the data of the discussion forum users (forum.zonealarm.com). Around 4,500 users are affected.
Vedantu
November 1, 2019
•[ leak, education ]
The Indian interactive online tutoring platform Vedantu suffered a data breach which exposed the personal data of 687k users.
Universarium
November 1, 2019
•[ leak, misconfiguration, education ]
In approximately November 2019, the Russian "Remote preparatory faculty for IT specialties" Universarium suffered a data breach. The incident exposed 565k email addresses and passwords in plain text. Universarium did not respond to multiple attempts to make contact over a period of many weeks. The data was provided to HIBP by dehashed.com.
IndiHome
November 1, 2019
•[ leak, technology ]
In mid-2021, reports emerged of a data breach of Indonesia's telecommunications company, IndiHome. Over 26M rows of data alleged to have been sourced from the company was posted to a popular hacking forum and contained 12.6M unique email addresses alongside names, IP addresses, genders and geographic locations. The most recent data was stamped as being recorded in November 2019.
Bed Bath & Beyond
October 29, 2019
•[ leak, retail ]
Bed Bath & Beyond discloses that an unauthorized party obtained login information for some of its customers (1% of customer base).
Indian Railways
October 28, 2019
•[ leak, misconfiguration, government ]
In November 2019, the website for Indian Rail left more than 2M records exposed on an unprotected Firebase database instance. The exposed data included 583k unique email addresses alongside usernames and passwords stored in plain text.
Chilean Carabineros
October 22, 2019
•[ hack, leak, government ]
The Chilean Carabineros are hacked and the attackers leak 10,000 sensitive files.
VikingVPN
October 20, 2019
•[ leak, misconfiguration, technology ]
OpenVPN keys and configuration files from VikingVPN are also leaked online.
NordVPN
October 20, 2019
•[ leak, misconfiguration, technology ]
NordVPN is compromised as the'private keys for their web site certificate'are publicly leaked on the Internet The company confirms the breach was discovered on March 2018.
Data Enrichment Exposure From PDL Customer
October 16, 2019
•[ leak, misconfiguration, technology ]
In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data. The exposed data included an index indicating it was sourced from data enrichment company People Data Labs (PDL) and contained 622 million unique email addresses. The server was not owned by PDL and it's believed a customer failed to properly secure the database. Exposed information included email addresses, phone numbers, social media profiles and job history data.
