ShockGore
August 11, 2020
•[ leak, misconfiguration, technology ]
In August 2020, the website for sharing graphic videos and images of gore and animal cruelty suffered a data breach. The breach exposed 74k unique email addresses alongside usernames, IP addresses, genders and unsalted SHA-1 password hashes. Private messages were also exposed, many containing requests for material of a depraved nature. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
Jefit
August 11, 2020
•[ hack, misconfiguration, technology ]
In August 2020, the workout tracking app Jefit suffered a data breach. The data was subsequently sold within the hacking community and included over 9 million email and IP addresses, usernames and passwords stored as either vBulletin or argon2 hashes. Several million cracked passwords later appeared in broad circulation.
Ashley County Medical Center
August 10, 2020
•[ insider, misconfiguration, healthcare ]
Ashley County Medical Center is investigating a former employee who they claim inappropriately accessed medical records. It appears that the information was viewed out of curiosity and has not been shared with a third-party.
Defcon
August 9, 2020
•[ hack, misconfiguration, technology ]
The defcon.org forum is attacked with CVE-2019-16759 (targeting vBulletin), three hours after it is disclosed.
ProctorU
August 9, 2020
•[ hack, misconfiguration, education ]
ProctorU confirms a data breach after a threat actor released a stolen database of user records on a hacker forum.
Bexar County
August 5, 2020
•[ hack, misconfiguration, government ]
A Zoom-bomber interrupts court proceedings in Bexar County, TX.
Lazada RedMart
July 30, 2020
•[ leak, misconfiguration, retail ]
In October 2020, news broke of Lazada RedMart data breach containing records as recent as July 2020 and being sold via an online marketplace. In all, the data contained 1.1 million customer email addresses alongside names, phone numbers, physical addresses, partial credit card numbers and passwords stored as SHA-1 hashes.
Camino Real Middle School
July 29, 2020
•[ hack, misconfiguration, education ]
Camino Real Middle School suffers a Zoom bombing attack.
Century Specialty Script, LLC
July 28, 2020
•[ hack, misconfiguration, retail ]
Century Specialty Script, LLC disclosed a data breach from July where one employee's Microsoft Office365 account was compromised.
New York state's Metropolitan Transport Authority
July 28, 2020
•[ leak, misconfiguration, government ]
The New York Metropolitan Authority blames Google algorithm for adding porn titles to train station search results.
Dave
July 26, 2020
•[ leak, misconfiguration, finance ]
Loan app Dave.com has 7.5 million records leaked, blaming the breach to the OAuth tokens stolen by the attackers from Waydev.
Flood
July 26, 2020
•[ hack, misconfiguration, technology ]
Software testing service Flood.io suffers a breach blamed on OAuth tokens stolen by the attackers from Waydev.
Sylva, NC
July 23, 2020
•[ social, misconfiguration, government ]
A town board meeting in Sylva, NC was Zoom-bombed with unknown participants shouting racist remarks.
Utah Gun Exchange
July 17, 2020
•[ hack, misconfiguration, retail ]
In July 2020, the Utah Gun Exchange website suffered a data breach which included several other associated websites. In total, 235k unique email addresses were exposed before being traded online alongside names, usernames, genders, IP addresses and password hashes. The data was provided to HIBP by breachbase.pw.
Sheffield Hallam University
July 16, 2020
•[ leak, misconfiguration, education ]
The Sheffield Hallam University confirms that it is dealing with a data breach linked to the software provider Blackbaud.
Citrix third-party
July 15, 2020
•[ leak, misconfiguration, technology ]
An actor sells what they claim to be a database with information on 2,000,000 Citrix customers on the dark web. An official statement by the company reveals that the database has been obtained from a third-party.
Center for Alternative Sentencing and Employment Services
July 6, 2020
•[ hack, misconfiguration, government ]
The Center for Alternative Sentencing and Employment Services has put out a notification stating that a number of employee email accounts were compromised in 2020.
Stradis Healthcare
July 1, 2020
•[ insider, misconfiguration, healthcare ]
A former vice president of a company in Georgia has been sent behind bars for sabotaging systems and causing delays in the shipment of Personal Protective Equipment (PPE).
Ledger
June 25, 2020
•[ leak, misconfiguration, finance ]
Crypto-wallet firm Ledger reveals a major security breach of its e-commerce and marketing database, resulting in the compromise of one million customer email addresses and the personal details of thousands after the vulnerability was exploited on June 25, 2020.
