Autotrader
January 6, 2023
•[ hack, misconfiguration, automotive ]
In January 2023, 1.4M records from the Autotrader online vehicle marketplace appeared on a popular hacking forum. Autotrader stated that the "data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods". The data contained 20k unique email addresses alongside physical addresses and phone numbers of dealers and vehicle details including VIN numbers. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".
T-Mobile
January 5, 2023
•[ hack, misconfiguration, technology ]
T-Mobile discloses a new data breach after a threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts through one of its Application Programming Interfaces (APIs).
Various law enforcement agencies (Philippine National Police, National Bureau of Investigation, Bureau of Internal Revenue)
January 1, 2023
•[ leak, misconfiguration, government ]
poor security
Hub International Limited
December 31, 2022
•[ hack, misconfiguration, finance ]
Hub International Limited files a notice of data breach after discovering that files on the company's IT network were accessed and copied by an unauthorized party.
UnitedHealthcare
December 29, 2022
•[ hack, misconfiguration, healthcare ]
UnitedHealthcare notifies individuals across the country of a recent data breach after an unauthorized party was able to access a UHC broker portal.
Bay Bridge Administrators
December 29, 2022
•[ hack, misconfiguration, finance ]
Bay Bridge Administrators, LLC ("BBA") filed notice of a data breach after an unauthorized party was able to access sensitive consumer information stored on the company's computer network.
CGM
December 28, 2022
•[ hack, misconfiguration, technology ]
CGM files a notice of data breach after learning that an unauthorized party was able to access confidential personal information stored on the company's computer system.
Slack
December 27, 2022
•[ hack, misconfiguration, technology ]
Threat actors gained access to Slack's externally hosted GitHub repositories via a "limited" number of Slack employee tokens that were stolen.
RailYatri
December 26, 2022
•[ leak, misconfiguration, technology ]
In December 2022, India's government-approved online travel agency RailYatri suffered a data breach. The incident impacted over 31M customers and exposed 23M unique email addresses. Also impacted were names, genders, phone numbers and tickets purchased, including travel information and fares.
Astro
December 25, 2022
•[ leak, misconfiguration, technology ]
A website had listed details of 3.5 million Astro customers.
Twitter
December 23, 2022
•[ hack, misconfiguration, technology ]
A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability.
MedInform
December 21, 2022
•[ leak, misconfiguration, finance ]
MedInform files a notice of data breach after learning that an unauthorized user was able to access confidential information belonging to Cleveland Clinic patients that was stored on the company's computer network.
Israeli CCTV cameras
December 19, 2022
•[ hack, misconfiguration, government ]
An Iranian group of hackers, known as Moses Staff, had seized control of dozens of Israeli CCTV cameras.