Reincubate
May 11, 2017
•[ leak, misconfiguration, technology ]
In October 2020, the app data company Reincubate suffered a data breach which exposed a backup from November 2017 (the newest record in the data appeared several months earlier). The data included over 616k unique email addresses, names and passwords stored as PBKDF2 hashes.
Charlotte Flair, Victoria
May 4, 2017
•[ leak ]
WWE divas Charlotte Flair and Victoria are the latest victims of the Celebgate leak.
City of Fitchburg
May 2, 2017
•[ leak, government ]
Fitchburg, Mass. city officials report that the Social Security numbers of 1,800 residents were compromised during a data breach that was discovered on April 14, but took place more than three years ago.
Ciphr
April 26, 2017
•[ leak, technology ]
Customer data from encrypted phone company Ciphr is dumped online.
R2Games
April 25, 2017
•[ hack, leak ]
Online gaming company Reality Squared Games (R2Games) is hacked for the second time in two years and more than one million accounts are compromised. Leaked data includes usernames, passwords, email addresses, IP addresses, and other optional record fields.
Fashion Fantasy Game
April 20, 2017
•[ leak, technology ]
A 2016 data breach leaves Fashion Fantasy Game, an online game and social network for fashion lovers, with millions of user account credentials being leaked on the web.
AQA (Assessment and Qualifications Alliance)
April 12, 2017
•[ leak, education ]
Data relating to 64,000 current and former examiners stored on some of AQA's online systems are stolen by attackers, including examiners' name, address, personal phone numbers, and passwords.
Youku
April 12, 2017
•[ leak, technology ]
A dark web vendor going by the handle of CosmicDark sells a database containing 100,759,591 user accounts stolen from of Youku Inc., a popular video service in China.
IAAF
April 3, 2017
•[ leak, healthcare ]
IAAF, the governing body of global athletics says it has suffered a cyber attack that it believes has compromised information about athletes' medical records.
Appartoo
March 25, 2017
•[ leak, technology ]
In March 2017, the French Flatsharing site known as Appartoo suffered a data breach. The incident exposed an extensive amount of personal information on almost 50k members including email addresses, genders, ages, private messages sent between users of the service and passwords stored as SHA-256 hashes. Appartoo advised that all subscribers were notified of the incident in early 2017.
Health Now Networks
March 25, 2017
•[ leak, misconfiguration, healthcare ]
In March 2017, the telemarketing service Health Now Networks left a database containing hundreds of thousands of medical records exposed. There were over 900,000 records in total containing significant volumes of personal information including names, dates of birth, various medical conditions and operator notes on the individuals' health. The data included over 320k unique email addresses.
Dun & Bradstreet
March 15, 2017
•[ leak, misconfiguration, technology ]
A Dun & Bradstreet 52GB database containing about 33.6 million records with very specific details about each of the people involved from job title to email address is exposed.
Master Deeds
March 14, 2017
•[ leak, misconfiguration, finance ]
In March 2017, a 27GB database backup file named "Master Deeds" was sent to HIBP by a supporter of the project. Upon detailed analysis later that year, the file was found to contain the personal data of tens of millions of living and deceased South African residents. The data included extensive personal attributes such as names, addresses, ethnicities, genders, birth dates, government issued personal identification numbers and 2.2 million email addresses. At the time of publishing, it's alleged the data was sourced from Dracore Data Sciences (Dracore is yet to publicly confirm or deny the data was sourced from their systems). On 18 October 2017, the file was found to have been published to a publicly accessible web server where it was located at the root of an IP address with directory listing enabled. The file was dated 8 April 2015.
Welsh NHS
March 13, 2017
•[ leak, healthcare ]
Details of thousands of medical staff of Welsh NHS are stolen from a private contractor's computer server (Landauer). The breach happened in October 2016 and the total number of affected staff is 4,766.
Ster-Kinekor
March 9, 2017
•[ leak, misconfiguration, retail ]
In 2016, the South African cinema company Ster-Kinekor had a security flaw which leaked a large amount of customer data via an enumeration vulnerability in the API of their old website. Whilst more than 6 million accounts were leaked by the flaw, the exposed data only contained 1.6 million unique email addresses. The data also included extensive personal information such as names, addresses, birthdates, genders and plain text passwords.
Jorgie Porter
February 25, 2017
•[ leak ]
English actress and model Jorgie Porter is the latest victim of The Fappening hackers, who manage to steal her intimate pictures and videos and post them online.
Coachella Music Festival
February 22, 2017
•[ leak ]
Nearly one million Coachella accounts are reportedly currently up for sale on the dark web.
FreeOnes
February 16, 2017
•[ leak ]
In February 2017, the forum for the adult website FreeOnes suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 960k unique email addresses alongside usernames, IP addresses and salted MD5 password hashes.
San Antonio Symphony
February 14, 2017
•[ hack, leak ]
Computer hackers break into the computer network for the San Antonio Symphony, stealing the names, birth dates, Social Security numbers, addresses and W-2 tax forms for about 250 employees.
Texas Department of Transportation
February 10, 2017
•[ leak, government ]
The Texas Department of Transportation says some personal information of employees was compromised last week due to a "security incident."
