Digimon
September 5, 2016
•[ leak, misconfiguration, technology ]
In September 2016, over 16GB of logs from a service indicated to be digimon.co.in were obtained, most likely from an unprotected Mongo DB instance. The service ceased running shortly afterwards and no information remains about the precise nature of it. Based on enquiries made via Twitter, it appears to have been a mail service possibly based on PowerMTA and used for delivering spam. The logs contained information including 7.7M unique email recipients (names and addresses), mail server IP addresses, email subjects and tracking information including mail opens and clicks.
NemoWeb
September 4, 2016
•[ leak, misconfiguration, technology ]
In September 2016, almost 21GB of data from the French website used for "standardised and decentralized means of exchange for publishing newsgroup articles" NemoWeb was leaked from what appears to have been an unprotected Mongo DB. The data consisted of a large volume of emails sent to the service and included almost 3.5M unique addresses, albeit many of them auto-generated. Multiple attempts were made to contact the operators of NemoWeb but no response was received.
Armenian National Security Service
September 2, 2016
•[ hack, leak, government ]
Azerbaijani hacktivists from Anti-Armenia Team leak the passport details of foreign visitors to Armenia and more after breaking into Armenian government servers.
NetProspex
September 1, 2016
•[ leak, misconfiguration, technology ]
In 2016, a list of over 33 million individuals in corporate America sourced from Dun & Bradstreet's NetProspex service was leaked online. D&B believe the targeted marketing data was lost by a customer who purchased it from them. It contained extensive personal and corporate information including names, email addresses, job titles and general information about the employer.
Unknown Organization
August 31, 2016
•[ leak, healthcare ]
The Al Zahra Private Medical Centre is hacked by an individual calling himself websites-hunter, who dumps the database online.
MDPI
August 30, 2016
•[ leak, misconfiguration, education ]
In August 2016, the Swiss scholarly open access publisher known as MDPI had 17.5GB of data obtained from an unprotected Mongo DB instance. The data contained email exchanges between MDPI and their authors and reviewers which included 845k unique email addresses. MDPI have confirmed that the system has since been protected and that no data of a sensitive nature was impacted. As such, they concluded that notification to their subscribers was not necessary due to the fact that all their authors and reviewers are available online on their website.
The Equation Group
August 16, 2016
•[ leak, government ]
An anonymous group calling itself Shadow Brokers publishes what it claims are sophisticated software tools belonging to an elite team of hackers tied to the US National Security Agency known as "The Equation Group".
GeekedIn
August 15, 2016
•[ leak, misconfiguration, technology ]
In August 2016, the technology recruitment site GeekedIn left a MongoDB database exposed and over 8M records were extracted by an unknown third party. The breached data was originally scraped from GitHub in violation of their terms of use and contained information exposed in public profiles, including over 1 million members' email addresses. Full details on the incident (including how impacted members can see their leaked data) are covered in the blog post on 8 million GitHub profiles were leaked from GeekedIn's MongoDB - here's how to see yours.
Democratic Congressional Campaign Committee
August 12, 2016
•[ leak, government ]
Guccifer 2.0 leaks a fresh batch of documents, memos and passwords, this time from the Democratic Congressional Campaign Committee (DCCC). They include a spreadsheet of congressional contacts' phone numbers and email addresses, internal memos and what purports to be documents stolen from the computer of Nancy Pelosi.
Cross Fire
August 8, 2016
•[ hack, leak ]
In August 2016, the Russian gaming forum known as Cross Fire (or cfire.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 12.8 million accounts including usernames, email addresses and passwords stored as salted MD5 hashes.
Three Brazilian businessmen
August 5, 2016
•[ leak, government ]
In the second phase of their operation, Anonymous Brazil claims to have leaked personal details of Mayor of Rio de Janeiro, Governor of Rio de Janeiro, Minister of Sport, President of the Brazilian Olympic Committee and three businessmen who are allegedly involved in corruption.
Unknown Organization
August 2, 2016
•[ leak, healthcare ]
Pravy Sector, the Pro-Ukraine hacker (or hackers) dump 150 GB of data from the Central Ohio Urology Group.
Iranian Telegram users
August 2, 2016
•[ espionage, hack, leak ]
Iranian hackers linked to the state sponsored group called Rocket Kitten have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users.
Yahoo!
August 1, 2016
•[ leak, technology ]
Peace, the hacker who has previously sold dumps of Myspace and LinkedIn, lists 200 million supposed credentials of Yahoo users on The Real Deal marketplace. Yahoo confirms to be aware of the claim.
GTAGaming
August 1, 2016
•[ leak, hack, technology ]
In August 2016, the Grand Theft Auto forum GTAGaming was hacked and nearly 200k user accounts were leaked. The vBulletin based forum included usernames, email addresses and password hashes.
Roblox
July 31, 2016
•[ leak, misconfiguration, technology ]
In August 2016, Roblox disclosed a data breach that affected over 50k users. The security incident impacted email and IP addresses, usernames, purchases and Robux balances which were left exposed on a test server.
AdultSingleSites
July 15, 2016
•[ leak, technology ]
In name of the same campaign ElSurveillance leaks 67,118 user records from adultsinglesites.com.au.
AfrikaDating
July 15, 2016
•[ leak, technology ]
ElSurveillance continues his #EscortsOffline campaign and leaks 12,738 user records from afrikadating.com.
PinkDate
July 15, 2016
•[ leak ]
In name of the same campaign ElSurveillance leaks 67,118 user records from PinkDate.co.uk.
i-Dressup
July 15, 2016
•[ leak, sqlinjection, technology ]
In June 2016, the teen social site known as i-Dressup was hacked and over 2 million user accounts were exposed. At the time the hack was reported, the i-Dressup operators were not contactable and the underlying SQL injection flaw remained open, allegedly exposing a total of 5.5 million accounts. The breach included email addresses and passwords stored in plain text.
