Aurora Water
December 31, 2019
•[ leak, misconfiguration, government ]
Aurora Water announces yet another data breach involving the Click2Gov payment system. Payments between Aug. 30 and Oct. 14 were impacted.
BtoBet
December 26, 2019
•[ leak, misconfiguration, technology ]
In December 2019, a large collection of data from Nigerian gambling company Surebet247 was sent to HIBP. Alongside the Surebet247 data, database backups from gambling sites BetAlfa, BetWay, BongoBongo and TopBet were also included. Further investigation implicated betting platform provider BtoBet as being the common source of the data. Impacted data included user records and extensive information on gambling histories.
Avvo
December 17, 2019
•[ leak, misconfiguration, technology ]
In approximately December 2019, an alleged data breach of the lawyer directory service Avvo was published to an online hacking forum and used in an extortion scam (it's possible the exposure dates back earlier than that). The data contained 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords. Multiple attempts at contacting Avvo over the course of a week were unsuccessful and the authenticity of the data was eventually verified with common Avvo and HIBP subscribers.
SoarGames
December 16, 2019
•[ leak, misconfiguration, technology ]
In December 2019, the now defunct gaming website SoarGames suffered a data breach that exposed 4.8M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes. A significant number of the email addresses appeared to have been generated as opposed to organically provided by the user.
Keybase
December 13, 2019
•[ financial, misconfiguration, finance ]
Keybase announces the closure of its free Lumens (XLM) cryptocurrency drop scheme due to an influx of spam accounts.
Helix Hosting
December 10, 2019
•[ hack, misconfiguration, technology ]
Popular 'pirate' IPTV provider Helix Hosting appears to be facing a crisis after someone claiming to be a hacker posts a message on the service's homepage.
TaiLieu
November 24, 2019
•[ hack, misconfiguration, education ]
In November 2019, the Vietnamese education website TaiLieu allegedly suffered a data breach exposing 7.3M customer records. Impacted data included names and usernames, email addresses, dates of birth, genders and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by dehashed.com after being shared on a popular hacking forum. TaiLieu did not respond when contacted about the incident.
Disney
November 12, 2019
•[ hack, misconfiguration ]
Thousands of hacked Disney+ accounts are already for sale on hacking forums, immediately after the launch of the streaming service.
Veritas Genetics
November 6, 2019
•[ hack, misconfiguration, healthcare ]
The DNA-testing firm Veritas Genetics experiences a security breach involving customer information when a customer-facing portal is accessed by an unauthorized user.
U.S. Virgin Islands Water and Power Authority (WAPA)
November 1, 2019
•[ hack, misconfiguration, government ]
The U.S. Virgin Islands Water and Power Authority is the latest victim of a new Click2Gov breach.
Universarium
November 1, 2019
•[ leak, misconfiguration, education ]
In approximately November 2019, the Russian "Remote preparatory faculty for IT specialties" Universarium suffered a data breach. The incident exposed 565k email addresses and passwords in plain text. Universarium did not respond to multiple attempts to make contact over a period of many weeks. The data was provided to HIBP by dehashed.com.
Benchmark
November 1, 2019
•[ hack, misconfiguration, technology ]
In November 2019, the Serbian technology news website Benchmark suffered a breach of its forum that exposed 93k customer records. The breach exposed IP and email addresses, usernames and passwords stored as salted MD5 hashes. A forum administrator subsequently advised that the breach was due to the forum previously running on an outdated vBulletin instance. The data was provided to HIBP by a source who requested it be attributed to "ZAN @ BF".
UniCredit
October 28, 2019
•[ hack, misconfiguration, finance ]
UniCredit uncovers a data breach involving the personal records of 3 million domestic clients from a compromised 2015 file.
Indian Railways
October 28, 2019
•[ leak, misconfiguration, government ]
In November 2019, the website for Indian Rail left more than 2M records exposed on an unprotected Firebase database instance. The exposed data included 583k unique email addresses alongside usernames and passwords stored in plain text.
VikingVPN
October 20, 2019
•[ leak, misconfiguration, technology ]
OpenVPN keys and configuration files from VikingVPN are also leaked online.