Unknown Organization
December 31, 2016
•[ hack, leak, government ]
In name of #OpSingleGateway Gh0s7 hacks the Thailand's National Statistical Office (nso.go.th) and dumps the leaked data.
GS Polymers, Inc.
December 28, 2016
•[ leak ]
The Dark Overlord claims to have hacked GS Polymers, Inc. and leaks some internal data.
Unknown Organization
December 27, 2016
•[ hack, leak, government ]
Anonymous hacks the official website of the Thai LA consulate (thaiconsulatela.org) and defaces its homepage with a brief message against the arrest of 9 suspects. The group also leaks the data of 900 records.
Unknown Organization
December 19, 2016
•[ hack, leak, education ]
Cryptolulz666 hacks the database of the Indian Institute of Technology Kharagpur, the second of the country and leaks a part of the 12,000 users.
Anti Public Combo List
December 16, 2016
•[ leak, misconfiguration ]
In December 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Anti Public". The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I Been Pwned.
PayAsUGym
December 15, 2016
•[ hack, leak, misconfiguration ]
In December 2016, an attacker breached PayAsUGym's website exposing over 400k customers' personal data. The data was consequently leaked publicly and broadly distributed via Twitter. The leaked data contained personal information including email addresses and passwords hashed using MD5 without a salt.
Frederick County Public Schools
December 14, 2016
•[ leak, education ]
Data on about 1,000 former students in Frederick County Public Schools in Maryland was likely exposed in a data breach that occurred prior to 2010 but which was only discovered in September of this year.
Vijay Mallya
December 9, 2016
•[ hack, leak, technology ]
Indian tycoon Vijay Mallya's Twitter account appears to have been hacked. The alleged hackers hijack Mallya's account and are currently leaking the industrialist's personal and sensitive information.
DailyMotion
December 5, 2016
•[ leak, technology ]
An unknown hacker extracts 85.2 million unique email addresses and usernames from video-sharing site Dailymotion, one of the biggest video platforms in the world.
Appalachian State University
December 3, 2016
•[ leak, education ]
A group called AppState Leaks releases the data of 1,768 student from Appalachian State University.
FashionFantasyGame
December 1, 2016
•[ leak, misconfiguration, technology ]
In late 2016, the fashion gaming website Fashion Fantasy Game suffered a data breach. The incident exposed 2.3 million unique user accounts and corresponding MD5 password hashes with no salt. The data was contributed to Have I Been Pwned courtesy of rip@creep.im.
Youku
December 1, 2016
•[ leak, technology ]
In late 2016, the online Chinese video service Youku suffered a data breach. The incident exposed 92 million unique user accounts and corresponding MD5 password hashes. The data was contributed to Have I Been Pwned courtesy of rip@creep.im.
Erasmus University
November 30, 2016
•[ leak, education ]
The Erasmus University is the victim of a breach affecting 270,000 students, whose personal information is compromised.
RankWatch
November 19, 2016
•[ leak, misconfiguration, technology ]
In approximately November 2016, the search engine optimisation management company RankWatch exposed a Mongo DB with no password publicly whereupon their data was exfiltrated and posted to an online forum. The data contained 7.4 million unique email addresses along with names, employers, phone numbers and job titles in a table called "us_emails". When contacted and advised of the incident, RankWatch would not reveal the purpose of the data, where it had been acquired from and whether the data owners had consented to its collection. The forum which originally posted the data explained it as being "in the same vein as the modbsolutions leak", a large list of corporate data allegedly used for spam purposes.
AdultFriendFinder Networks
November 13, 2016
•[ leak, hack ]
Here we are again: adult dating and entertainment company FriendFinder Networks has reportedly been hacked in a massive data breach exposing more than 412 million accounts and user credentials collected over two decades.
Sam's Club
November 5, 2016
•[ leak, misconfiguration, retail ]
Wholesale retail giant Sam's Club has reset passwords for thousands of customers (14,600 email addresses and plain-text passwords) after their account details were posted online.
Bradley Foundation
October 29, 2016
•[ leak ]
Anonymous Poland claims to have hacked the Bradley Foundation and dumps more than 30Gb data including a fake letter of a $150 million donation to Clinton's campaign.
ICICI Bank
October 20, 2016
•[ financial, leak, finance ]
Details of more than 3.2 million cash cards of customers of top Indian banks (Visa, Mastercard, RuPay) have reportedly been stolen in what could be one of the biggest financial data breaches in the country. The worst hit banks are the State Bank of India, HFDC Bank, ICICI Bank, YES Bank, and Axis Bank.
Democratic National Committee
October 19, 2016
•[ leak, government ]
Guccifer 2.0 is back and leaks new fresh documents relating to the US political system (documents allegedly showing email conversations between DNC employees and Hillary Clinton's presidential campaign staff discussing Donald Trump's position on his tax returns).
