Aurora Water
December 31, 2019
•[ leak, misconfiguration, government ]
Aurora Water announces yet another data breach involving the Click2Gov payment system. Payments between Aug. 30 and Oct. 14 were impacted.
Poloniex
December 30, 2019
•[ finance, leak ]
The Poloniex Exchange forces a password reset after someone leaked a list of email addresses and passwords on Twitter.
BtoBet
December 26, 2019
•[ leak, misconfiguration, technology ]
In December 2019, a large collection of data from Nigerian gambling company Surebet247 was sent to HIBP. Alongside the Surebet247, database backups from gambling sites BetAlfa, BetWay, BongoBongo and TopBet was also included. Further investigation implicated betting platform provider BtoBet as being the common source of the data. Impacted data included user records and extensive information on gambling histories.
Avvo
December 17, 2019
•[ leak, misconfiguration, technology ]
In approximately December 2019, an alleged data breach of the lawyer directory service Avvo was published to an online hacking forum and used in an extortion scam (it's possible the exposure dates back earlier than that). The data contained 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords. Multiple attempts at contacting Avvo over the course of a week were unsuccessful and the authenticity of the data was eventually verified with common Avvo and HIBP subscribers.
GameSprite
December 17, 2019
•[ leak, technology ]
In December 2019, the now defunct gaming platform GameSprite suffered a data breach that exposed over 6M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes.
SoarGames
December 16, 2019
•[ leak, misconfiguration, technology ]
In December 2019, the now defunct gaming website SoarGames suffered a data breach that exposed 4.8M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes. A significant number of the email addresses appeared to have been generated as opposed to organically provided by the user.
JoyGames
December 14, 2019
•[ leak, technology ]
In December 2019, the forum for the JoyGames website suffered a data breach that exposed 4.5M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes.
Iran
December 10, 2019
•[ leak, government ]
The private details of 15 million debit cards in Iran are published on Telegram. Cyber security experts suspect it was the work of intelligence agencies from the U.S. or Israel.
WebSAMS
December 6, 2019
•[ hack, leak, education ]
Hackers break into WebSAMS (web-based school administrative and management system), a government system used by most of Hong Kong's schools, as a consequence eight schools are breached, with three of them reporting data leaks.
Mixcloud
November 29, 2019
•[ leak, technology ]
A data breach at Mixcloud, a U.K.-based audio streaming platform, leaves more than 20 million user accounts exposed after the data is put on sale on the dark web.
Twitter account of Arron Banks, the founder of the pro-Brexit campaign Leave.EU
November 19, 2019
•[ hack, leak, government ]
The Twitter account of Arron Banks, the founder of the pro-Brexit campaign Leave.EU, is hacked. The attackers leak thousands of his private messages.
Select Health Network
November 13, 2019
•[ leak, phishing, healthcare ]
Select Health Network reveals compromise of employee email accounts that may impact an unspecified number of patients.
Unknown Organization
November 11, 2019
•[ leak, technology ]
ZoneAlarm suffers a data breach that exposes the data of the discussion forum users (forum.zonealarm.com). Around 4,500 users are affected.
