8fit
July 1, 2018
•[ leak, healthcare ]
In July 2018, the health and fitness service 8fit suffered a data breach. The data subsequently appeared for sale on a dark web marketplace in February 2019 and included over 15M unique email addresses alongside names, genders, IP addresses and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Typeform
June 29, 2018
•[ leak, misconfiguration, technology ]
Barcelona-based online survey and form building service Typeform announces a data breach after an unknown attacker downloaded a backup file containing sensitive customer information. The backup file contained data gathered by Typeform customers through surveys and online forms up until May 3, 2018.
Adidas
June 28, 2018
•[ leak, retail ]
Adidas alerts customers about a possible data breach on its U.S. website. On June 26, the company became aware that an unauthorized party claimed to have acquired limited data associated with certain consumers.
Manitowoc County
June 22, 2018
•[ leak, phishing, education ]
Manitowoc County officials release more information about a data breach of a Manitowoc County email account in January, when an employee falls victim of a phishing attack.
Flightradar24
June 18, 2018
•[ leak, technology ]
Users of the popular flight-tracking site Flightradar24 are told to change their passwords after the site warns of a data breach. The breach may have compromised the email addresses and hashed passwords for a small subset of Flightradar24 users (those who registered prior to March 16, 2016).
Med Associates
June 14, 2018
•[ leak, healthcare ]
Med Associates, notifies of a security incident that may have compromised its patients protected information.
Elmcroft Senior Living
June 8, 2018
•[ leak, healthcare ]
The personal information of Elmcroft Senior Living residents and their family members, employees and others could have been stolen in a data breach that occurred in mid-May.
PageUp
June 6, 2018
•[ leak, misconfiguration, technology ]
Australia-based human resources firm PageUp confirms it found "unusual" activity on its IT infrastructure on May 23, which has resulted in the potential compromise of client data.
MyHeritage
June 4, 2018
•[ leak, healthcare ]
MyHeritage, the genealogy website and DNA testing service, warns that the email addresses and hashed passwords of its customer database, approximately 92 million user accounts, have been found on a private server.
Exactis
June 1, 2018
•[ leak, misconfiguration, technology ]
In June 2018, the marketing firm Exactis inadvertently publicly leaked 340 million records of personal data. Security researcher Vinny Troia of Night Lion Security discovered the leak contained multiple terabytes of personal information spread across hundreds of separate fields including addresses, phone numbers, family structures and extensive profiling data. The data was collected as part of Exactis' service as a "compiler and aggregator of premium business & consumer data" which they then sell for profiling and marketing purposes. A small subset of the exposed fields were provided to Have I Been Pwned and contained 132 million unique email addresses.
Adult-FanFiction.Org
May 30, 2018
•[ leak, misconfiguration, technology ]
In May 2018, the website for sharing adult-orientated works of fiction known as Adult-FanFiction.Org had 186k records exposed in a data breach. The data contained names, email addresses, dates of birth and passwords stored as both MD5 hashes and plain text. AFF did not respond when contacted about the breach and the site was previously reported as compromised on the Vigilante.pw breached database directory.
Harare Institute of Technology
May 28, 2018
•[ leak, education ]
A database from the Harare Institute of Technology is leaked, containing 3,500 users.
Canadian Imperial Bank of Commerce (CIBC)
May 28, 2018
•[ leak, finance ]
Also the Canadian Imperial Bank of Commerce (CIBC), the country's fifth largest bank is affected by the same incident, and they believe that 40,000 users could be possibly affected from its subsidiary Simplii Financial.
American Family Life Assurance Company of Columbus (Aflac)
May 25, 2018
•[ leak, finance ]
American Family Life Assurance Company of Columbus (Aflac) issues a press release concerning the breach of independent contractor sales agents' email accounts. The breach occurred between Jan. 17 and April 2 and has reportedly affected some clients' personal information.
Poshmark
May 16, 2018
•[ leak, retail ]
In mid-2018, social commerce marketplace Poshmark suffered a data breach that exposed 36M user accounts. The compromised data included email addresses, names, usernames, genders, locations and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Morinaga Milk Industry Co.
May 9, 2018
•[ leak, manufacturing ]
After receiving a report from a credit card issuer, Morinaga Milk Industry Co. says that credit card or other personal information of up to 120,000 online customers may have leaked.
City of Goodyear
May 8, 2018
•[ leak, government ]
The City of Goodyear announces that its bill pay system may have been compromised. The possible breach could expose 30,000 utility customers.
ViewFines
May 7, 2018
•[ leak, misconfiguration, government ]
In May 2018, the South African website for viewing traffic fines online known as ViewFines suffered a data breach. Over 934k records containing 778k unique email addresses were exposed and included names, phone numbers, government issued IDs and passwords stored in plain text.
Meituan Dianping
May 3, 2018
•[ leak, retail ]
Meituan Dianping, the internet giant backed by Tencent, China's most valuable tech corporation, begins investigating reports of a data breach that exposed the private information of tens of thousands of users.
Linux Forums
May 1, 2018
•[ leak, misconfiguration, technology ]
In May 2018, the Linux Forums website suffered a data breach which resulted in the disclosure of 276k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes. Linux Forums did not respond to multiple attempts to contact them about the breach.
