San Francisco Employees' Retirement System (SFERS)
June 3, 2020
•[ hack, misconfiguration, government ]
The San Francisco Employees' Retirement System (SFERS) suffers a data breach after an unauthorized person gains access to a database hosted in a test environment. The breach occurred on February 24, 2020.
HomeChef
May 8, 2020
•[ leak, misconfiguration, retail ]
A database with 8 million records belonging to the meal kit delivery service HomeChef is put on sale on the dark web.
Saint Paulus Lutheran Church
May 6, 2020
•[ hack, misconfiguration, education ]
Saint Paulus Lutheran Church sues video chat company Zoom after a hacker allegedly hijacked a virtual Bible study class to post graphic images of child abuse.
Fitness class
May 5, 2020
•[ hack, misconfiguration, education ]
A Zoom hacker scares a group of about 60 children taking part in a fitness class by streaming child sex abuse footage.
Algolia
May 3, 2020
•[ hack, misconfiguration, technology ]
Search service Algolia says it suffered a security breach over the weekend after hackers exploited a well-known vulnerability in the Salt server configuration software to gain access to its infrastructure.
Xen Orchestra
May 3, 2020
•[ hack, misconfiguration, technology ]
Xen Orchestra, a platform that provides tools to administrate Citrix Hypervisor, is also compromised via the Salt vulnerability.
Lumberton Township Public Schools in Burlington County
April 27, 2020
•[ hack, misconfiguration, education ]
Lumberton Township Public Schools in Burlington County announces it will temporarily stop using Zoom after a hacker reportedly streamed pornography and used racist language during a lesson for middle school students.
Benefit Recovery Specialists, Inc.
April 20, 2020
•[ leak, misconfiguration, finance ]
The personal data of 274,837 people has been exposed after a data breach at Benefit Recovery Specialists, Inc., a Texas-based billing and collection company.
Believr
April 20, 2020
•[ hack, misconfiguration, technology ]
Hackers infiltrate a Zoom meeting of a virtual church service hosted by Adam Evers, the founder of the Christian LGBTQ+ dating app Believr.
Clayton County school
April 17, 2020
•[ hack, misconfiguration, education ]
A Clayton County school's Zoom call was interrupted with pornographic images.
South African Department for Women, Youth, and Persons with Disabilities
April 15, 2020
•[ hack, misconfiguration, government ]
The South African Department for Women, Youth, and Persons with Disabilities is the latest victim of a Zoom bombing attack.
Aptoide
April 13, 2020
•[ hack, misconfiguration, technology ]
In April 2020, the independent Android app store Aptoide suffered a data breach. The incident resulted in the exposure of 20M customer records, which were subsequently shared online via a popular hacking forum. Impacted data included email and IP addresses, names and passwords stored as SHA-1 hashes without a salt.
Niazpardaz[.]ir
April 9, 2020
•[ leak, misconfiguration, technology ]
Someone is selling the personal details of 45,000 Iranians on the dark web. The data appears to have been taken from several sites including Niazpardaz[.]ir and Arzi24[.]com.
Puget Sound Educational Service District
April 5, 2020
•[ leak, misconfiguration, education ]
The Puget Sound Educational Service District (PSESD) sends out a notice to current and former students, and employees of King and Pierce County Schools, after learning of a data breach within their computer network.
Wolfe & Associates
April 3, 2020
•[ hack, financial, misconfiguration ]
Wolfe & Associates, Property Services discloses that an online database was compromised by cyber-criminals in a data breach that may have occurred as many as six months ago. In January 2021, San Diego residents Gordon Welterlen and Nicole Milan admitted to hacking Wolfe & Associates and stealing the identities of more than 9,000 clients. They used that information for fraudulent purposes.
US government
April 3, 2020
•[ hack, misconfiguration, government ]
Criminals disrupt a Zoom meeting held at the highest levels of the US government, despite warnings against using the software.
OGUsers (2020 breach)
April 2, 2020
•[ hack, misconfiguration, technology ]
In April 2020, the account hijacking and SIM swapping forum OGUsers suffered their second data breach in less than a year. As with the previous breach, the exposed data included email and IP addresses, usernames, private messages and passwords stored as salted MD5 hashes. A total of 263k email addresses across user accounts and other tables were posted to a rival hacking forum.
Glofox
March 27, 2020
•[ leak, misconfiguration, technology ]
In March 2020, the Irish gym management software company Glofox suffered a data breach which exposed 2.3M membership records. The data included email addresses, names, phone numbers, genders, dates of birth and passwords stored as unsalted MD5 hashes.
James
March 25, 2020
•[ hack, misconfiguration, retail ]
In June 2020, 14 previously undisclosed data breaches appeared for sale, including the Brazilian delivery service "James". The breach occurred in March 2020 and exposed 1.5M unique email addresses, customer locations expressed in longitude and latitude, and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Aerial Direct
March 13, 2020
•[ leak, misconfiguration, technology ]
Aerial Direct reveals that an unauthorized third party had been able to access customer data on 26 February through an external backup database, which included personal information on both current and expired subscribers from the last six years.