Horse Isle
September 19, 2020
•[ leak, misconfiguration ]
In June 2020 then again in September that same year, Horse Isle "The Secrent Land of Horses" suffered a data breach. The incident exposed 28k unique email addresses along with names, usernames, IP addresses, genders, purchases and plain text passwords. The system also stored and exposed failed password attempts for each user with the password retained in plain text.
Atlanta federal district court
September 14, 2020
•[ hack, misconfiguration, government ]
An Atlanta court hearing on election security was Zoombombed with porn, swastikas and images of the 9/11 attacks.
Chesterfield County Public Schools
September 11, 2020
•[ hack, misconfiguration, education ]
Unknown users are disrupting virtual classrooms in Chesterfield County public schools.
Toledo Public Schools
September 9, 2020
•[ hack, misconfiguration, education ]
Toledo Public Schools also experience a security breach where a hacker got ahold of a classroom passcode and broke in to post racially and sexually offensive comments.
San Juan Regional Medical Center
September 8, 2020
•[ hack, misconfiguration, healthcare ]
San Juan Regional Medical Center suffers an exploitive attack in which the personal and medical information of nearly 70,000 patients was stolen from servers.
Hopamedia
August 30, 2020
•[ leak, misconfiguration, technology ]
In 2024, data relating to an unknown service referred to as "Hopamedia" and dating back to 2020 appeared in a publicly exposed database. The data included almost 24M records of email address, name, phone number, the country of the individual and their telecommunications carrier.
Lee County High School
August 24, 2020
•[ hack, misconfiguration, education ]
A virtual Spanish class was interrupted with offensive content at Lee County High School.
Instacart
August 20, 2020
•[ insider, misconfiguration, retail ]
US-based grocery delivery and pick-up service Instacart has disclosed a security incident that involved unauthorized access of customer information by two support agents from a third-party vendor retained by the company.
Yunrun Big Data Service
August 20, 2020
•[ hack, misconfiguration, technology ]
A group of hackers says they have obtained internal files from three Chinese social media monitoring companies. The victims are Knowlesys, Yunrun Big Data Service, and OneSight.
Santander
August 19, 2020
•[ financial, misconfiguration, finance ]
Tens of suspects have been arrested for exploiting a glitch in the software of Santander ATMs to cash-out more money than was stored on cards.
Rochester City School District
August 15, 2020
•[ hack, misconfiguration, education ]
The Rochester City School District's first parent forum of the 2020-2021 school year, which was held over Zoom, was interrupted by attackers posting racist comments and hurtful symbols.
RailYatri
August 12, 2020
•[ leak, misconfiguration, technology ]
One of India's most popular travel booking hubs has suffered a significant data breach that led to the loss of over 43GB of data as a result of a Meow bot attack. Preceding the attack, the affected Elastic search server was left publicly exposed for several days.
Archer High School
August 12, 2020
•[ hack, misconfiguration, education ]
A virtual class in Gwinnett County's Archer High School gets Zoom-bombed by two men.
Kariyer
August 12, 2020
•[ leak, misconfiguration, technology ]
A file containing the information of 50,000 members of Kariyer.net is found on the web by LVKK, the Turkish data protection authority.
Adit
August 11, 2020
•[ hack, misconfiguration, healthcare ]
An unsecured database with 3.1 million patients' details is exposed by a medical software company and subsequently destroyed by a "meow" attack.
ShockGore
August 11, 2020
•[ leak, misconfiguration, technology ]
In August 2020, the website for sharing graphic videos and images of gore and animal cruelty suffered a data breach. The breach exposed 74k unique email addresses alongside usernames, IP addresses, genders and unsalted SHA-1 password hashes. Private messages were also exposed, many containing requests for material of a depraved nature. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
Jefit
August 11, 2020
•[ hack, misconfiguration, technology ]
In August 2020, the workout tracking app Jefit suffered a data breach. The data was subsequently sold within the hacking community and included over 9 million email and IP addresses, usernames and passwords stored as either vBulletin or argon2 hashes. Several million cracked passwords later appeared in broad circulation.
Ashley County Medical Center
August 10, 2020
•[ insider, misconfiguration, healthcare ]
Ashley County Medical Center is investigating a former employee who they claim inappropriately accessed medical records. It appears that the information was viewed out of curiosity and has not been shared with a third-party.
Defcon
August 9, 2020
•[ hack, misconfiguration, technology ]
The defcon.org forum is attacked with CVE-2019-16759 (targeting vBulletin), three hours after it is disclosed.
