Vedantu
November 1, 2019
•[ leak, education ]
The Indian interactive online tutoring platform Vedantu suffered a data breach which exposed the personal data of 687k users.
Universarium
November 1, 2019
•[ leak, misconfiguration, education ]
In approximately November 2019, the Russian "Remote preparatory faculty for IT specialties" Universarium suffered a data breach. The incident exposed 565k email addresses and passwords in plain text. Universarium did not respond to multiple attempts to make contact over a period of many weeks. The data was provided to HIBP by dehashed.com.
IndiHome
November 1, 2019
•[ leak, technology ]
In mid-2021, reports emerged of a data breach of Indonesia's telecommunications company, IndiHome. Over 26M rows of data alleged to have been sourced from the company was posted to a popular hacking forum and contained 12.6M unique email addresses alongside names, IP addresses, genders and geographic locations. The most recent data was stamped as being recorded in November 2019.
Bed Bath & Beyond
October 29, 2019
•[ leak, retail ]
Bed Bath & Beyond discloses that an unauthorized party obtained login information for some of its customers (1% of customer base).
Indian Railways
October 28, 2019
•[ leak, misconfiguration, government ]
In November 2019, the website for Indian Rail left more than 2M records exposed on an unprotected Firebase database instance. The exposed data included 583k unique email addresses alongside usernames and passwords stored in plain text.
Chilean Carabineros
October 22, 2019
•[ hack, leak, government ]
The Chilean Carabineros are hacked and the attackers leak 10,000 sensitive files.
VikingVPN
October 20, 2019
•[ leak, misconfiguration, technology ]
OpenVPN keys and configuration files from VikingVPN are also leaked online.
NordVPN
October 20, 2019
•[ leak, misconfiguration, technology ]
NordVPN is compromised as the'private keys for their web site certificate'are publicly leaked on the Internet The company confirms the breach was discovered on March 2018.
Data Enrichment Exposure From PDL Customer
October 16, 2019
•[ leak, misconfiguration, technology ]
In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data. The exposed data included an index indicating it was sourced from data enrichment company People Data Labs (PDL) and contained 622 million unique email addresses. The server was not owned by PDL and it's believed a customer failed to properly secure the database. Exposed information included email addresses, phone numbers, social media profiles and job history data.
BriansClub
October 15, 2019
•[ hack, leak, finance ]
"BriansClub" one of the largest underground stores for buying stolen credit card data, is itself hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records.
Boston University
October 10, 2019
•[ leak, education ]
Over 1,000 Boston University students are forced to change their account passwords after the servers are flooded with spam emails from student accounts. The spam is believed to be a result of a 2018 breach of the educational site Chegg.
Beeline
October 7, 2019
•[ leak, technology ]
The data of 8.7 million customers from Russian internet service provider Beeline is being sold and shared online. The breach occurred in 2017.
Italian Democratic Party
October 6, 2019
•[ hack, leak, government ]
Anonymous Italia hacks 8 websites of the Italian Democratic Party (PD) and leaks 220 databases containing personal data in clear text.
The Halloween Spot
September 27, 2019
•[ leak, misconfiguration, retail ]
In September 2019, the Halloween costume store The Halloween Spot suffered a data breach. Originally misattributed to fancy dress store Smiffys, the breach contained 13GB of data with over 10k unique email addresses alongside names, physical and IP addresses, phone numbers and order histories. The Halloween Spot advised customers the breach was traced back to "an old shipping information database".
KiwiFarms
September 10, 2019
•[ leak, technology ]
In September 2019, the forum for discussing "lolcows" (people who can be milked for laughs) Kiwi Farms suffered a data breach. The disclosure notice advised that email and IP addresses, dates of birth and content created by members were all exposed in the incident.
XKCD Forums
September 1, 2019
•[ leak ]
The forums of the XKCD webcomic are currently offline after being impacted by a data breach which exposed the information of 561,991 users on July 1.
CircleCI
August 31, 2019
•[ leak, misconfiguration, technology ]
Software testing and delivery company CircleCI notifies a security incident involving the company and a third-party analytics vendor. An attacker was able to improperly access some user data in the vendor account.
Mastercard Priceless Specials loyalty program
August 23, 2019
•[ leak, finance ]
Mastercard discloses a data breach to the German and Belgian Data Protection Authorities involving customer data from the company's Priceless Specials loyalty program. Two files with the details of the loyalty program members are leaked on the Internet.
Massachusetts General Hospital (MGH)
August 22, 2019
•[ leak, healthcare ]
Massachusetts General Hospital (MGH) exposed private data, including genetic information, on 9,900 people participating in research programs, after an "unauthorized third party" gained access to the data between June 10 and June 16.
Mastercard Priceless Specials
August 20, 2019
•[ leak, finance ]
In August 2019, the German Mastercard bonus program "Priceless Specials" suffered a data breach. Personal data on almost 90k program members was subsequently extensively circulated online and included names, email and IP addresses, phone numbers and partial credit card data. Following the incident, the program was subsequently suspended.
