ProctorU
August 9, 2020
•[ hack, misconfiguration, education ]
ProctorU confirms a data breach after a threat actor released a stolen database of user records on a hacker forum.
Bexar County
August 5, 2020
•[ hack, misconfiguration, government ]
A Zoom-bomber interrupts court proceedings in Bexar County, TX.
Lazada RedMart
July 30, 2020
•[ leak, misconfiguration, retail ]
In October 2020, news broke of Lazada RedMart data breach containing records as recent as July 2020 and being sold via an online marketplace. In all, the data contained 1.1 million customer email addresses alongside names, phone numbers, physical addresses, partial credit card numbers and passwords stored as SHA-1 hashes.
Camino Real Middle School
July 29, 2020
•[ hack, misconfiguration, education ]
Camino Real Middle School suffers a Zoom bombing attack.
Century Specialty Script, LLC
July 28, 2020
•[ hack, misconfiguration, retail ]
Century Specialty Script, LLC disclosed a data breach from July where one employee's Microsoft Office365 account was compromised.
New York state's Metropolitan Transport Authority
July 28, 2020
•[ leak, misconfiguration, government ]
The New York Metropolitan Authority blames Google algorithm for adding porn titles to train station search results.
Dave
July 26, 2020
•[ leak, misconfiguration, finance ]
Loan app Dave.com has 7.5 million records leaked, blaming the breach to the OAuth tokens stolen by the attackers from Waydev.
Flood
July 26, 2020
•[ hack, misconfiguration, technology ]
Software testing service Flood.io suffers a breach blamed on OAuth tokens stolen by the attackers from Waydev.
Sylva, NC
July 23, 2020
•[ social, misconfiguration, government ]
A town board meeting in Sylva, NC was Zoom-bombed with unknown participants shouting racist remarks.
Utah Gun Exchange
July 17, 2020
•[ hack, misconfiguration, retail ]
In July 2020, the Utah Gun Exchange website suffered a data breach which included several other associated websites. In total, 235k unique email addresses were exposed before being traded online alongside names, usernames, genders, IP addresses and password hashes. The data was provided to HIBP by breachbase.pw.
Sheffield Hallam University
July 16, 2020
•[ leak, misconfiguration, education ]
The Sheffield Hallam University confirms that it is dealing with a data breach linked to the software provider Blackbaud.
Citrix third-party
July 15, 2020
•[ leak, misconfiguration, technology ]
An actor sells what they claim to be a database with information on 2,000,000 Citrix customers on the dark web. An official statement by the company reveals that the database has been obtained from a third-party.
Center for Alternative Sentencing and Employment Services
July 6, 2020
•[ hack, misconfiguration, government ]
The Center for Alternative Sentencing and Employment Services has put out a notification stating that a number of employee email accounts were compromised in 2020.
Stradis Healthcare
July 1, 2020
•[ insider, misconfiguration, healthcare ]
A former vice president of a company in Georgia has been sent behind bars for sabotaging systems and causing delays in the shipment of Personal Protective Equipment (PPE).
Ledger
June 25, 2020
•[ leak, misconfiguration, finance ]
Crypto-wallet firm Ledger reveals a major security breach of its e-commerce and marketing database, resulting in the compromise of one million customer email addresses and the personal details of thousands after the vulnerability was exploited on June 25, 2020.
Frost & Sullivan
June 24, 2020
•[ leak, misconfiguration, technology ]
U.S. business consulting firm Frost & Sullivan is breached after data from an unsecured backup folder exposed on the Internet is sold on a hacker forum.
Not Acxiom
June 21, 2020
•[ leak, misconfiguration, technology ]
In 2020, a corpus of data containing almost a quarter of a billion records spanning over 400 different fields was misattributed to database marketing company Acxiom and subsequently circulated within the hacking community. On review, Acxiom concluded that "the claims are indeed false and that the data, which has been readily available across multiple environments, does not come from Acxiom and is in no way the subject of an Acxiom breach". The data contained almost 52M unique email addresses.
LiveAuctioneers
June 19, 2020
•[ leak, misconfiguration, retail ]
In June 2020, the online antiques marketplace LiveAuctioneers suffered a data breach which was subsequently sold online then extensively redistributed in the hacking community. The data contained 3.4 million records including names, email and IP addresses, physical addresses, phones numbers and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by breachbase.pw.
City of Lexington
June 17, 2020
•[ hack, misconfiguration, government ]
A Zoom meeting regarding issues surrounding police discipline is interrupted by callers shouting racist and homophobic remarks.
