IIMJobs
December 31, 2018
•[ hack, leak, misconfiguration ]
In December 2018, the Indian job portal IIMJobs suffered a data breach that exposed 4.1 million unique email addresses. The data also included names, phone numbers, geographic locations, dates of birth, job titles, job applications and cover letters plus passwords stored as unsalted MD5 hashes. The data was provided to HIBP by dehashed.com.
BannerBit
December 29, 2018
•[ leak, technology ]
In approximately December 2018, the online ad platform BannerBit suffered a data breach. Containing 213k unique email addresses and plain text passwords, the data was provided to HIBP by a third party. Multiple attempts were made to contact BannerBit, but no response was received.
Hayley Atwell
December 24, 2018
•[ hack, leak ]
"Captain America" actress Hayley Atwell's nude photos are allegedly hacked and those behind it threatened to release the images, according to reports.
British Post Office
December 23, 2018
•[ leak, government ]
A threat actor compromised the British Post Office and local government networks, stealing personal data including email addresses and mobile phone numbers of thousands of employees.
Borough of Westwood
December 22, 2018
•[ leak, government ]
The borough of Westwood, discloses a data breach that began in December 2018.
Click2Gov
December 18, 2018
•[ leak, government ]
According to a new report published by Gemini Advisory, in the wake of the Click2Gov breach, at least 294,929 payment records have been compromised in 46 U.S. cities and sold in the Dark Web.
NASA
December 18, 2018
•[ leak, government ]
NASA alerts its employees of a possible compromise of NASA servers containing personally identifiable information. The breach was discovered on October 23, and affects NASA Civil Service employees from July 2006 through October 2018.
Ajarn
December 13, 2018
•[ leak, education ]
In September 2021, the Thai-based English language teaching website Ajarn discovered they'd been the victim of a data breach dating back to December 2018. The breach was self-submitted to HIBP and included 266k email addresses, names, genders, phone numbers and other personal information. Hashed passwords were also impacted in the breach.
Ramsey County Social Services
December 11, 2018
•[ leak, government ]
A cyber attack on the Ramsey County Social Services, occurred in August, may have compromised hundreds of clients' private health information.
Mappery
December 11, 2018
•[ leak, misconfiguration, technology ]
In December 2018, the mapping website Mappery suffered a data breach that exposed over 205k unique email addresses. The incident also exposed usernames, the geographic location of the user and passwords stored as unsalted SHA-1 hashes. No response was received from Mappery when contacted about the incident.
Bombuj.eu
December 7, 2018
•[ leak, misconfiguration, technology ]
In December 2018, the Slovak website for watching movies online for free Bombuj.eu suffered a data breach. The incident exposed over 575k unique email addresses and passwords stored as unsalted MD5 hashes. No response was received from Bombuj.eu when contacted about the incident.
Humble Bundle
December 4, 2018
•[ leak, technology ]
The gaming subscription site Humble Bundle informs its customers of a data breach that may have exposed a person's subscription status.
OppoSuits
December 3, 2018
•[ financial, hack, leak ]
Customers of Dutch clothing company OppoSuits are warned to monitor their credit card accounts after the firm discovers the Magecart malware planted on its website could have stolen the details of 7,000 customers.
Palermo Calcio
December 1, 2018
•[ leak ]
The Italian Football Team Palermo Calcio reveals to have suffered an intrusion with the consequent leak of fake news about the imminent sale of the team.
Dubsmash
December 1, 2018
•[ leak, misconfiguration, technology ]
In December 2018, the video messaging service Dubsmash suffered a data breach. The incident exposed 162 million unique email addresses alongside usernames and PBKDF2 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".
Christian Ehring
November 14, 2018
•[ hack, leak, government ]
German security officials detected a cyberattack, believed to be by the Russian group Snake, on the email accounts of German celebrities, lawmakers, military officials, and staff of several German embassies. As a result of the hack, the personal details of the victims were leaked online by the hackers. One of the victimis is TV presenter Christian Ehring.
Huntsville Hospital
November 9, 2018
•[ leak, healthcare ]
Huntsville Hospital also reports the information of job applicants who applied to the facility may be at risk after the breach at Jobscience.
Southwest Washington Regional Surgery Center
November 8, 2018
•[ leak, phishing, healthcare ]
Southwest Washington Regional Surgery Center notifies 2,393 patients after phishing attack exposed their PHI.
Mobile World
November 7, 2018
•[ hack, leak, financial ]
A hacker dubbed Erwincho leaks a file containing more than 5.4 million email addresses and 31,000 bank card numbers (six digits covered), claiming they belong to clients of Mobile World.
