SaverSpy
September 18, 2018
•[ leak, misconfiguration, technology ]
In September 2018, security researcher Bob Diachenko discovered a massive collection of personal details exposed in an unprotected MongoDB instance. The data appears to have been used in marketing campaigns (possibly for spam purposes) but had little identifying data about it other than a description of "Yahoo_090618_ SaverSpy". The data set provided to HIBP had almost 2.5M unique email addresses (all of which were from Yahoo!) alongside names, genders and physical addresses.
Saverspy
September 17, 2018
•[ leak, misconfiguration, retail ]
Bob Diachenko, a security researcher, identifies an unsecured MongoDB server leaking the personal details of nearly 11 million users. The database seems to have been ransomed back in June.
Unknown Organization
September 17, 2018
•[ leak, government ]
LulzSecITA leaks the personal details of about 300 retired military officials.
U.S. Department of State
September 7, 2018
•[ leak, government ]
The State Department suffers a breach of its unclassified email system, and the compromise exposes the personal information of a small number of employees.
Cork City Park by Phone
September 6, 2018
•[ leak ]
A data breach at the Cork City Park by Phone service in Ireland affects more than 5,000 people. The unauthorized access started in May.
Rousseau
September 5, 2018
•[ leak, government ]
Rousseau, the online platform of the Italian Five Star Movement, is hacked again by rogue0, who leaks private data related to the donors.
Knuddels
September 5, 2018
•[ leak, misconfiguration, technology ]
In September 2018, the German social media website Knuddels suffered a data breach. The incident exposed 808k unique email addresses alongside usernames, real names, the city of the person and their password in plain text. Knuddels was subsequently fined 20k for the breach.
C&A
August 30, 2018
•[ leak, retail ]
The Brazilian operation of international fashion retail clothing chain C&A confirms a cyberattack on its gift card platform. Data from 36,000 customers who purchased gift cards is leaked on Pastebin.
Family Orbit
August 30, 2018
•[ hack, leak, misconfiguration ]
An anonymous hacker is able to find the key to the cloud servers of Family Orbit and leaks 281 Gb of pictures and videos.
Atlas Quantum
August 25, 2018
•[ leak, finance ]
In August 2018, the cryptocurrency investment platform Atlas Quantum suffered a data breach. The breach leaked the personal data of 261k investors on the platform including their names, phone numbers, email addresses and account balances.
SpyFone
August 16, 2018
•[ leak, misconfiguration, technology ]
In August 2018, the spyware company SpyFone left terabytes of data publicly exposed. Collected surreptitiously whilst the targets were using their devices, the data included photos, audio recordings, text messages and browsing history which were then exposed via a number of misconfigurations within SpyFone's systems. The data belonged to thousands of SpyFone customers and included 44k unique email addresses, many likely belonging to people the targeted phones had contact with.
HauteLook
August 7, 2018
•[ leak, retail ]
In mid-2018, the fashion shopping site HauteLook was among a raft of sites that were breached and their data then sold in early-2019. The data included over 28 million unique email addresses alongside names, genders, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Mention
August 3, 2018
•[ leak, misconfiguration, technology ]
Mention CEO Matthieu Vaxelaire informs users of the occurrence of a data security breach involving a third-party provider. The breach occurred in July and Mention promptly reported details to the French data protection authorities.
Jersey Mike's Subs
July 31, 2018
•[ leak, retail ]
Jersey Mike's Subs warns some of their customers to change their account passwords to ensure account security. According to the email, the firm suspected a possible data breach at some third party.
Telecom Regulatory Authority of India (TRAI) chairman R S Sharma
July 28, 2018
•[ leak, misconfiguration, government ]
Alleged personal details of the Telecom Regulatory Authority of India (TRAI) chairman R S Sharma are leaked after he tweeted his 12-digit Unique Identification Authority of India or UIDAI number and challenged hackers.
Banks in Chile
July 28, 2018
•[ leak, finance ]
An additional 55,106 cards are leaked in Chile.
Lanwar
July 28, 2018
•[ leak, misconfiguration, technology ]
In July 2018, staff of the Lanwar gaming site discovered a data breach they believe dates back to sometime over the previous several months. The data contained 45k names, email addresses, usernames and plain text passwords. A Lanwar staff member self-submitted the breach to HIBP and has also contacted the relevant authorities about the incident after identifying a phishing attempt to extort Bitcoin from a user.
City of Medford
July 25, 2018
•[ leak, malware, government ]
1,842 Medford residents are impacted by a City of Medford data breach after the city's online utility billing service is infected with malware. The breaches happened from February 18th through March 14th and from March 29th through April 16th.
Securities Investors Association Singapore (SIAS)
July 25, 2018
•[ leak, finance ]
The Securities Investors Association Singapore (SIAS) announces that it has suffered a breach. The breach occurred in 2013, and the NRIC numbers, home addresses, email addresses, mobile and landline numbers of 70,000 people were compromised in the incident.
Banks in Chile
July 25, 2018
•[ hack, leak, finance ]
Hackers from the Shadow Brokers gain access to some 14,000 credit card numbers in Chile and publish them on social media.