MC2 Data
August 18, 2024
•[ leak, misconfiguration, technology ]
In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher. The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of different brand names. The data included email addresses, names and salted SHA-256 password hashes.
Explore Talent (August 2024)
August 15, 2024
•[ leak, misconfiguration, technology ]
In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the talent network Explore Talent. A vulnerable API exposed the personal records of 11.4M users of the service of which 8.9M unique email addresses were provided to HIBP. This incident is separate to the Explore Talent breach which occurred in 2022 and was loaded into HIBP in July 2024.
Tracki
August 15, 2024
•[ leak, misconfiguration, technology ]
In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the GPS tracking service Tracki. Multiple vulnerabilities exposed the personal records of 372k users of the service including names and email addresses.
Welhof
August 14, 2024
•[ leak, retail ]
In August 2024, the Dutch appliance store Welhof suffered a data breach. The incident exposed over 100k unique email addresses along with names, physical addresses and the value of purchases made. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Star Health and Allied Insurance
August 13, 2024
•[ leak, misconfiguration, finance ]
Stolen customer data including medical reports from India's biggest health insurer, Star Health, is publicly accessible via chatbots on Telegram
CreditRiskMonitor
August 7, 2024
•[ leak, finance ]
CreditRiskMonitor, a provider of intelligence and analytics for credit and supply chain professionals, discloses a data breach impacting employees and contractors.
Beech Acres Parenting Center
August 5, 2024
•[ hack, leak, healthcare ]
Beech Acres Parenting Center, a nonprofit in Cincinnati, Ohio, reported a data breach involving unauthorized access from AprilAugust 2024 that exposed employee and client personal information, including SSNs and health-related data. No service disruption or encryption was reported.
Avis
August 3, 2024
•[ leak, automotive ]
American car rental giant Avis notifies over 299,000 customers that unknown attackers breached one of its business applications last month and stole some of their personal information.
Not SOCRadar
August 3, 2024
•[ leak, misconfiguration, technology ]
In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's standard offerings, designed to gather information from publicly available sources". There is no suggestion the incident compromised SOCRadar's security or posed any risk to their customers. In total, the data set contained 282M unique addresses of valid email address format.
Truffaut
August 1, 2024
•[ leak, retail ]
Truffaut, another retailer in France also suffers a breach impacting around 277,000 records.
Fresnillo PLC
July 30, 2024
•[ hack, leak, manufacturing ]
Fresnillo PLC, the world's largest silver producer and a top global producer of gold, copper, and zinc, said attackers gained access to data stored on its systems during a recent cyberattack.
Community Care Alliance
July 29, 2024
•[ ransomware, leak, malware ]
Community Care Alliance is listed in the Rhysida ransomware leak site.
Delhi Hospital
July 29, 2024
•[ ransomware, leak, malware ]
Delhi Hospital (also known as Richard Parish Hospital) in Louisiana is added to the RADAR and DISPOSSESSORs (R&D) ransomware leak site.
Ubook
July 28, 2024
•[ leak, misconfiguration, technology ]
In July 2024, 700k unique email addresses from the audiobook platform Ubook were posted to a popular hacking forum. Allegedly scraped from the service, the data appears to be sourced from the Ubook Exchange (UBX) and also includes names, genders, dates of birth and links to profile photos.
Israeli Olympic athletes
July 26, 2024
•[ leak ]
The sensitive data of several Israeli athletes in the Paris Olympic Games is published on Telegram in an alleged doxing attack by a group calling itself "Zeus".
Avanpost
July 26, 2024
•[ hack, leak, technology ]
A pro-Ukrainian hacker group, known as Cyber Anarchy Squad, claims it hacked the Russian information security firm Avanpost and leaked 390 gigabytes of its data, destroyed over 60 terabytes, and disrupted over 400 virtual machines and physical workstations.
Team Software
July 26, 2024
•[ leak, technology ]
Business software maker Team Software (WorkWave) revealed this week that a recent data breach impacts nearly 100,000 individuals.
Schneider Regional Medical Center
July 21, 2024
•[ ransomware, leak, malware ]
Schneider Regional Medical Center in the Virgin Islands is added to Qilins ransomware leak site.
Stealer Logs Posted to Telegram
July 18, 2024
•[ leak, malware ]
In July 2024, info stealer logs with 26M unique email addresses were collated from malicious Telegram channels. The data contained 22GB of logs consisting of email addresses, passwords and the websites they were used on, all obtained by malware running on infected machines.
AT&T
July 12, 2024
•[ leak, misconfiguration, technology ]
AT&T warns of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company's Snowflake account.
