PetFlow
December 9, 2017
•[ leak, misconfiguration, retail ]
In December 2017, the pet care delivery service PetFlow suffered a data breach which consequently appeared for sale on a dark web marketplace. Almost 1M accounts were impacted and exposed email addresses and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "nano@databases.pw".
Israel
December 8, 2017
•[ leak, hack, government ]
In name of #OpIsrael and #OpUSA, hacktivists from the Anonymous Collective leak online names, emails, and passwords of Israeli public employees and share a list of US government sites to target, calling on action against them.
ai.type
December 5, 2017
•[ leak, misconfiguration, technology ]
In December 2017, the virtual keyboard application ai.type was found to have left a huge amount of data publicly facing in an unsecured MongoDB instance. Discovered by researchers at The Kromtech Security Center, the 577GB data set included extensive personal information including over 20 million unique email addresses, social media profiles and address book contacts. The email addresses alone were provided to HIBP to enable impacted users to assess their exposure.
dvd-shop.ch
December 5, 2017
•[ leak, misconfiguration, retail ]
In December 2017, the online Swiss DVD store known as dvd-shop.ch suffered a data breach. The incident led to the exposure of 68k email addresses and plain text passwords. The site has since been updated to indicate that it is currently closed.
WWE wrestler Maria Kanellis
December 4, 2017
•[ leak ]
A new batch of explicit photos of WWE wrestler Maria Kanellis is leaked.
Brazil
December 2, 2017
•[ leak, government ]
The Anonymous leak some topology data belonging to Brazilian public sector.
TIO Networks
December 1, 2017
•[ leak, finance ]
PayPal Holdings suspends the operations of TIO Networks, a publicly traded payment processor PayPal acquired in July 2017, after a review of TIO's network has identified a potential compromise of personally identifiable information for approximately 1.6 million customers.
Imgur
November 23, 2017
•[ leak, technology ]
Imgur is notified of a potential security breach that occurred in 2014 and affected the email addresses and passwords of 1.7 million user accounts.
YMCA of Central Florida
November 22, 2017
•[ leak ]
The YMCA of Central Florida (YMCA) announces it is notifying individuals related to an isolated security incident involving certain personal information.
Xinmin Secondary School
November 18, 2017
•[ leak, education ]
Xinmin Secondary School is discovered to have been breached when names and identity card numbers of its students have been leaked on pastebin.
UPMC Susquehanna
November 15, 2017
•[ leak, healthcare ]
UPMC Susquehanna notifies 1,200 patients treated at various locations that their personal information, including names, dates of birth, contact information and Social Security numbers, may have been inappropriately accessed.
Italian government
November 11, 2017
•[ leak, phishing, government ]
The Anonymous collective publishes some internal documents stolen from the email accounts of some government employees.
Sia
November 6, 2017
•[ leak ]
And Australian singer SIA, having heard of her nude photos possibly being leaked, prevents the fappening, by posting herself personal naked photos.
Joseann 'JoJo' Offerman
November 5, 2017
•[ leak ]
And Joseann 'JoJo' Offerman is the third WWE Diva who suffers nude photo leaked.
WWE Diva Paige
November 5, 2017
•[ leak ]
A new file containing more x-rated photos of WWE Diva Paige is leaked online. Although it is unclear who is behind the leak this time it can be confirmed that the leaked content belongs to Paige.
Tarte Cosmetics
October 25, 2017
•[ leak, misconfiguration, retail ]
Tarte Cosmetics exposes nearly two million customers' personal data to the public via two unsecured MongoDB databases. Unfortunately the gang Cru3lty get hold of the data, demanding 0.2 Bitcoins for recovering the database once the data had been deleted or encrypted.
We Heart It
October 16, 2017
•[ leak, technology ]
We Heart It, an image-sharing site, informs users their personal data may have been compromised. The breach, involving 8 million users, took place a few years ago and includes email addresses, usernames and encrypted passwords for We Heart It accounts created between 2008 and November 2013.
Austin Manual Therapy Associates
October 4, 2017
•[ leak, healthcare ]
The Dark Overlord claims to have hacked Austin Manual Therapy Associates and leaks a sample data.
Toms River Police Department
September 28, 2017
•[ leak, government ]
The township of Toms River plans to notify about 3,700 people that their personal information may have been compromised by a data breach inside the police department over the summer.
UAE government
September 17, 2017
•[ leak, espionage, government ]
A trove of leaking emails belonging to the UAE government reveals an alleged plot to "conquer" Qatar.
