HORNE LLP
February 1, 2018
•[ leak, phishing, finance ]
HORNE LLP notifies an incident affecting the security of protected health information of certain Forrest General Hospital patients. On November 1, 2017, the company discovered that the email account of one of its employees was sending phishing emails.
MyFitnessPal
February 1, 2018
•[ leak, misconfiguration, technology ]
In February 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".
PropTiger
January 30, 2018
•[ leak, misconfiguration, technology ]
In January 2018, the Indian property website PropTiger suffered a data breach which resulted in a 3.46GB database file being exposed and subsequently shared extensively on a popular hacking forum 2 years later. The exposed data contained both user records and login histories with over 2M unique customer email addresses. Exposed data also included additional personal attributes such as names, dates of birth, genders, IP addresses and passwords stored as MD5 hashes. PropTiger advised they believe the usability of the data is "limited" due to how certain data attributes were generated and stored. The data was provided to HIBP by dehashed.com.
JoomlArt
January 30, 2018
•[ leak, misconfiguration, technology ]
In January 2018, the Joomla template website JoomlArt inadvertently exposed more than 22k unique customer records in a Jira ticket. The exposed data was from iJoomla and JomSocial, both services that JoomlArt acquired the previous year. The data included usernames, email addresses, purchases and passwords stored as MD5 hashes. When contacted, JoomlArt advised they were aware of the incident and had previously notified impacted parties.
220,000 Malaysian organ donors
January 23, 2018
•[ leak, healthcare ]
Another data breach in Malaysia. A technology forum publishes details of a trove of data which includes the personal information of more than 220,000 organ donors.
Charissa Thompson
January 22, 2018
•[ hack, leak ]
Fox Sports host Charissa Thompson is the latest celebrity whose nude photos are stolen by hackers and then published online as part of The Fappening scandal.
DailyObjects
January 1, 2018
•[ leak, misconfiguration, retail ]
In approximately January 2018, a collection of more than 464k customer records from the Indian online retailer DailyObjects were leaked online. The data included names, physical and email addresses, phone numbers and "pincodes" stored in plain text. After multiple attempts to contact them, DailyObjects responded and received a copy of the data for verification, however failed to respond to multiple contact attempts following that.
Elanic
January 1, 2018
•[ leak, misconfiguration, retail ]
In January 2020, the Indian fashion marketplace Elanic had 2.8M records with 2.3M unique email addresses posted publicly to a popular hacking forum. Elanic confirmed that they had "verified the data and it was pulled from one of our test servers where this data was exposed publicly" and that the data was "old" (the hacking forum reported it as being from 2016-2018). When asked about disclosure to impacted customers, Elanic advised that they had "decided to not have as such any communication and public disclosure".
Offset iCloud account
December 26, 2017
•[ hack, leak ]
Migos' Offset's iCloud is hacked and nude images of fianc Cardi B leaked.
WWE Diva Paige
December 21, 2017
•[ leak ]
Unknown hackers leaked a new private photo of WWE Diva Paige.
Lyrics Mania
December 21, 2017
•[ leak, misconfiguration, technology ]
In December 2017, the song lyrics website known as Lyrics Mania suffered a data breach. The data in the breach included 109k usernames, email addresses and plain text passwords. Numerous attempts were made to contact Lyrics Mania about the incident, however no responses were received.
Rose McGowan
December 11, 2017
•[ leak, hack ]
Another round of "The Fappening". Hackers leak alleged nude pics and sex tape of "Charmed" star Rose McGowan.
Jeffree Star
December 10, 2017
•[ hack, leak, insider ]
Jeffree Star is the victim of a data hack, after a member of staff at cosmetics store Sephora allegedly hacks into her account and leaks sensitive information about his spending habits.
