Lumin PDF
April 1, 2019
•[ leak, misconfiguration, technology ]
In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. The data had been left publicly exposed in a MongoDB instance after which Lumin PDF was allegedly been "contacted multiple times, but ignored all the queries". The exposed data included names, email addresses, genders, spoken language and either a bcrypt password hash or Google auth token. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Toyota (Japan)
March 29, 2019
•[ hack, leak, manufacturing ]
The personal information of roughly 3.1 million Toyota customers may have been leaked following an authorized access of multiple Toyota and Lexus sales subsidiaries.
Hakko Corporation
March 28, 2019
•[ leak, manufacturing ]
In March 2019, the Japanese solder-related business Hakko Corporation suffered a data breach. The incident exposed almost 10k customer records including email and physical addresses, phone numbers, names, usernames, genders, dates of birth and plain text passwords.
Everybody Edits
March 23, 2019
•[ leak, technology ]
In March 2019, the multiplayer platform game Everybody Edits suffered a data breach. The incident exposed 871k unique email addresses alongside usernames and IP addresses. The data was subsequently distributed online across a collection of files.
Hurb
March 14, 2019
•[ leak, misconfiguration, technology ]
In approximately March 2019, the online Brazilian travel agency Hurb (formerly Hotel Urbano) suffered a data breach. The data subsequently appeared online for download the following year and included over 20 million customer records with email and IP addresses, names, dates of birth, phone numbers and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by dehashed.com.
Intelimost
March 10, 2019
•[ leak, misconfiguration ]
In March 2019, a spam operation known as "Intelimost" sent millions of emails appearing to come from people the recipients knew. Security researcher Bob Diachenko found over 3 million unique email addresses in an exposed Elasticsearch database, alongside plain text passwords used to access the victim's mailbox and customise the spam.
Estante Virtual
February 28, 2019
•[ leak, misconfiguration, retail ]
In February 2019, the Brazilian book store Estante Virtual suffered a data breach that impacted 5.4M customers. The exposed data included names, usernames, email and physical addresses, phone numbers, dates of birth and unsalted SHA-1 password hashes.
Verifications.io
February 25, 2019
•[ leak, misconfiguration, technology ]
In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included additional personal attributes such as names, phone numbers, IP addresses, dates of birth and genders. No passwords were included in the data. The Verifications.io website went offline during the disclosure process, although an archived copy remains viewable.
Memorial Hospital
February 15, 2019
•[ leak, phishing, healthcare ]
Memorial Hospital at Gulfport reveals a phishing incident that exposed 30,000 patients' information.
LBB
February 14, 2019
•[ leak, misconfiguration, retail ]
In August 2022, customer data of the Indian shopping site "LBB" (Little Black Book) was posted to a popular hacking forum. The data contained over 3M records with 39k unique email addresses alongside IP and physical addresses, names and device information with the most recent data dating back to early 2019. LBB advised they believe the data was exposed by a third party service and whilst it contained information they retain on their customers, it had also been enriched with additional data attributes.
LandMark White
February 12, 2019
•[ leak, finance ]
Up to 100,000 customers have personal information including property valuations, phone numbers and dates of birth leaked as part of the data breach at LandMark White.
Pellissippi State Community College
February 4, 2019
•[ leak, misconfiguration, education ]
More than 200 current and former students of Pellissippi State Community College could be in danger of identity theft because an unauthorized user had access to their personal information.
devkitPro
February 3, 2019
•[ leak, misconfiguration, technology ]
In February 2019, the devkitPro forum suffered a data breach. The phpBB based forum had 1,508 unique email addresses exposed in the breach alongside forum posts, private messages and passwords stored as weak salted hashes. The data breach was self-submitted to HIBP by the forum operator.
Houzz
January 31, 2019
•[ leak, technology ]
Home improvement startup Houzz informs its users that it suffered a data breach in December 2018. The company has not provided details about the occurrence but contacted its users to encourage them to change their passwords as a precautionary measure.
Youthmanual
January 31, 2019
•[ leak, education ]
In January 2019, the Indonesian college and career platform Youthmanual suffered a data breach that exposed 1.1M records of data. The breached included 938k unique email addresses along with extensive personal information including names, genders, dates and places of birth, phone numbers, physical addresses and salted SHA-1 password hashes.
Airbus
January 30, 2019
•[ hack, leak, manufacturing ]
Airbus says it detected a cyber attack on its information systems which resulted in a data breach but it said the incident did not affect its commercial operations.
BenefitMall
January 29, 2019
•[ hack, leak, technology ]
Delaware's Department of Insurance announces that 650 residents and 5 companies located within the state are impacted by a 2018 data breach of BenefitMall, an HR services administrator. An employee email was compromised between June 2018 and October 11.
Vale
January 29, 2019
•[ leak, energy ]
The Brazilian multinational mining company Vale is hacked and confidential internal documents are leaked (about 40 thousand files in a 500 MB folder).
Universiti Teknologi Mara (UiTM)
January 25, 2019
•[ leak, misconfiguration, education ]
A total of 1,164,540 records, belonging to students at Universiti Teknologi Mara (UiTM) between 2000 and 2018 are leaked online. According to sources, the data happened between February and March 2018.
Discover Financial Services
January 25, 2019
•[ leak, finance ]
Discover Financial Services reveals that on August 13, 2018, an undisclosed number of Discover card accounts might have been part of a data breach to occurred to a merchant.
