Educa em Casa
May 13, 2021
•[ hack, misconfiguration, education ]
The CPTrans website suffered the attack on Thursday (04.03) and Educa em Casa was attacked today (05.03) in the morning. The municipality clarifies that all data is in the public domain and there has been no change in any content on both pages.
University of Wisconsin Health
April 20, 2021
•[ leak, misconfiguration, healthcare ]
UW Health notifies over 4,000 patients of a data breach allowing unauthroized access to their Epic MyChart patient portal.
University of Hertfordshire
April 14, 2021
•[ hack, misconfiguration, education ]
The University of Hertfordshire suffers a devastating cyberattack that knocks out all of its IT systems, including Office 365, Teams and Zoom, local networks, Wi-Fi, email, data storage and VPN.
United Valor Solutions
April 11, 2021
•[ leak, misconfiguration, healthcare ]
Security researcher Jeremiah Fowler discovers a database exposed, containing 200,000 records, containing evidence that the data might be accessed by criminals.
OGUsers (2021 breach)
April 11, 2021
•[ hack, misconfiguration ]
In April 2021, the account hijacking and SIM swapping forum OGusers suffered a data breach, the fourth since December 2018. The breach was subsequently sold on a rival hacking forum and contained usernames, email and IP addresses and passwords stored as either salted MD5 or argon2 hashes. A total of 348k unique email addresses appeared in the breach.
SlideTeam
April 6, 2021
•[ hack, misconfiguration, technology ]
In April 2021, the "worlds largest collection of pre-designed presentation slides" SlideTeam had 1.4M records breached and later published to a popular hacking forum the following year. Allegedly sourced from a compromised Magento instance, the data included names, email addresses and passwords stored as salted hashes.
RDC
March 25, 2021
•[ leak, misconfiguration, automotive ]
RDC, a Dutch company that provides garage and maintenance services to Dutch car owners, confirms a data breach after the personal and vehicle details of 7.5 millions of Dutch car owners are posted for sale on a well-known cybercrime forum.
Avianis
March 23, 2021
•[ leak, misconfiguration, technology ]
Private aviation services provider Solairus Aviation announces that some employee and customer data was compromised in a security incident at third-party vendor Avianis.
MangaDex
March 22, 2021
•[ hack, misconfiguration, technology ]
In March 2021, the manga fan site MangaDex suffered a data breach that resulted in the exposure of almost 3 million subscribers. The data included email and IP addresses, usernames and passwords stored as bcrypt hashes. The data was subsequently circulated within hacking groups.
Physicians Dialysis
March 21, 2021
•[ hack, misconfiguration, healthcare ]
Physicians Dialysis discovers unauthroized access to its database containing personal and health information of current and former patients.
Comission para el Mercado Financiero
March 17, 2021
•[ hack, misconfiguration, finance ]
Chile's Comision para el Mercado Financiero (CMF) has disclosed that their Microsoft Exchange server was compromised through the recently disclosed ProxyLogon vulnerabilities.
Leon County Schools
March 17, 2021
•[ hack, misconfiguration, education ]
The Leon County Schools website is defaced with offensive posts.
Bank of Utah
March 9, 2021
•[ hack, misconfiguration, finance ]
Hackers gained access to live surveillance cameras installed at Tesla, Equinox, healthcare clinics, jails, and banks, including the Bank of Utah
Equinox
March 9, 2021
•[ hack, misconfiguration, technology ]
Hackers gained access to live surveillance cameras installed at Tesla, Equinox, healthcare clinics, jails, and banks, including the Bank of Utah. In addition to images captured from the cameras, the hacker also shared screenshots of their ability to gain root shell access to the surveillance systems used by Cloudflare and at Telsa HQ.
Magnolia Independent School District
March 8, 2021
•[ leak, misconfiguration, education ]
Magnolia ISD is responding to a technology breach that occurred Sunday afternoon, school officials confirmed. The district said the unauthorized messages were shared via social media, text messages, emails and phone calls.
WeLeakInfo
March 8, 2021
•[ leak, misconfiguration, technology ]
In March 2021, the Stripe account of the now-defunct WeLeakInfo service was taken over by "pompompurin" after acquiring an expired domain name with an email address used to manage the account. Access to Stripe then exposed almost 12k unique email addresses from customers who'd made credit card payments in order to obtain breached data hosted by WeLeakInfo. The data was subsequently leaked publicly and also included names, payment histories, IP addresses, billing addresses, partial credit card data and the organisation making the purchase.
Liker
March 8, 2021
•[ hack, misconfiguration, technology ]
In March 2021, the self-proclaimed "kinder, smarter social network" Liker suffered a data breach, allegedly in retaliation for the Gab data breach and scraping of data from Parler. The site remained offline after the breach which exposed 465k email addresses in addition to names, dates of birth, education levels, private messages, security questions and answers in plain text, passwords stored as bcrypt hashes and other personal data attributes. Liker did not respond when contacted about the breach.
Adecco Group
March 4, 2021
•[ hack, leak, misconfiguration ]
A user on a popular hacking forum purportedly sells the stolen credentials from 6 South American countries for the Swiss-based Adecco Group. The databse contains 5 million records and covers Peru, Brazil, Argentina, Colombia, Chile, and Ecuador.
Douglas County
March 2, 2021
•[ espionage, misconfiguration, government ]
Douglas County is the victim of a cyberattack by Hafnium, a Chinese threat actor. The attackers exploited a weakness in Microsoft servers.
Ticketcounter
March 2, 2021
•[ leak, misconfiguration, technology ]
A Dutch e-Ticketing platform has suffered a data breach after a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server.
