Taringa
September 4, 2017
•[ leak, technology ]
LeakBase, a breach notification service, obtains a copy of the hacked database of Taringa, a social network popular in Latin America, containing details on 28,722,877 accounts, which includes usernames, email addresses and hashed passwords.
Canoe
September 2, 2017
•[ leak, technology ]
The free news and entertainment portal Canoe.ca, operated by MediaQMI Inc. and owned by Sun Media Corp. prior to 2015, wishes to inform users that some of its databases containing records from the period of 1996 to 2008 have been breached.
Unknown Organization
September 1, 2017
•[ leak, government, healthcare ]
The Alaska Department of Health and Social Services reveals to have suffered a security breach in July that may have disclosed personal information of individuals who have interacted with the Office of Children's Services.
22 GOP Senators
August 18, 2017
•[ leak, government ]
Hacktivist collective Anonymous reportedly leaks the private contact details of 22 GOP senators, in the wake of the Charlottesville violence and US President Donald Trump's controversial response to the event, asking for Trump's impeachment.
Surgical Dermatology Group
August 6, 2017
•[ leak, healthcare ]
Surgical Dermatology Group notifies patients after its cloud hosting and server management provider TekLinks discovers a security breach dating back to March 23, 2017.
Taringa
August 1, 2017
•[ leak, misconfiguration, technology ]
In September 2017, news broke that Taringa had suffered a data breach exposing 28 million records. Known as "The Latin American Reddit", Taringa's breach disclosure notice indicated the incident dated back to August that year. The exposed data included usernames, email addresses and weak MD5 hashes of passwords.
HBO
July 31, 2017
•[ hack, leak, technology ]
HBO joins the ranks of Hollywood entertainment companies to suffer a major cyber attack. The company network is compromised and the attackers claim to have stolen 1.5 TB of data. Few days after they leak an episode of the new season of Games of Thrones.
MALL.cz
July 27, 2017
•[ leak, brute-force, retail ]
In July 2017, the Czech Republic e-commerce site MALL.cz suffered a data breach after which 735k unique accounts including email addresses, names, phone numbers and passwords were later posted online. Whilst passwords were stored as hashes, a number of different algorithms of varying strength were used over time. All passwords included in the publicly distributed data were in plain text and were likely just those that had been successfully cracked (members with strong passwords don't appear to be included). According to MALL.cz, the breach only impacted accounts created before 2015.
Sarah Hyland
July 24, 2017
•[ leak ]
Nude photos and video of Sarah Hyland are leaked online.
Reliance Jio
July 9, 2017
•[ leak, misconfiguration, technology ]
Personal details of some 120 million Reliance Jio customers are exposed on the Internet in probably the biggest breach of personal data ever in India.
Real Estate Business Services (REBS)
July 9, 2017
•[ leak ]
Real Estate Business Services (REBS), a subsidiary of the California Association of Realtors, acknowledges to have suffered a data breach that exposed user information for a two-month period earlier this year.
Google
July 3, 2017
•[ leak, technology ]
In the wake of the breach that occurred at Sabre Hospitality Solutions earlier in May, the personal details of a small number of Google staffers have been exposed, according to a notification letter Google sends out to affected employees.
8tracks
June 27, 2017
•[ leak, technology ]
Motherboard reveals that millions of accounts for internet radio service 8tracks are being traded on the digital underground. The total number of affected accounts could be as high as 18 million.
Microsoft
June 23, 2017
•[ leak, technology ]
A massive trove of Microsoft's internal Windows 10 operating system builds and portions of its core source code (a total of 32TB) are leaked online.
Exposed VINs
June 5, 2017
•[ leak, misconfiguration, automotive ]
In June 2017, an unsecured database with more than 10 million VINs (vehicle identification numbers) was discovered by researchers. Believed to be sourced from US car dealerships, the data included a raft of personal information and vehicle data along with 397k unique email addresses.
Hotels
June 3, 2017
•[ leak, misconfiguration, retail ]
Hotels.com sends an email to some customers advising that their username, password, email address, and the last four digits of stored credit card numbers were potentially stolen last month (between may 22 and 29).
Good Choice (hotel reservation app)
June 1, 2017
•[ hack, leak, technology ]
Hackers suspected of breaching a popular South Korean mobile app and stealing the personal data of more than 990,000 are arrested by local police in Korea.
Blackburn High School
May 19, 2017
•[ leak, misconfiguration, education ]
Police investigate a major privacy breach at Blackburn High School, which saw the personal information of families, including their phone numbers, addresses and Medicare details, published online.
Bell (2017 breach)
May 15, 2017
•[ leak, insider, telecommunications ]
In May 2017, the Bell telecommunications company in Canada suffered a data breach resulting in the exposure of millions of customer records. The data was consequently leaked online with a message from the attacker stating that they were "releasing a significant portion of Bell.ca's data due to the fact that they have failed to cooperate with us" and included a threat to leak more. The impacted data included over 2 million unique email addresses and 153k survey results dating back to 2011 and 2012. There were also 162 Bell employee records with more comprehensive personal data including names, phone numbers and plain text "passcodes". Bell suffered another breach in 2014 which exposed 40k records.
Edmodo
May 11, 2017
•[ leak, hack, education ]
In May 2017, the education platform Edmodo was hacked resulting in the exposure of 77 million records comprised of over 43 million unique customer email addresses. The data was consequently published to a popular hacking forum and made freely available. The records in the breach included usernames, email addresses and bcrypt hashes of passwords.
