Zillow
February 27, 2019
•[ hack, misconfiguration, technology ]
Zillow is sued for $60 million after a hacker manages to gain access to a property's Zillow listing page, and update its information.
Verifications.io
February 25, 2019
•[ leak, misconfiguration, technology ]
In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included additional personal attributes such as names, phone numbers, IP addresses, dates of birth and genders. No passwords were included in the data. The Verifications.io website went offline during the disclosure process, although an archived copy remains viewable.
EOS Cryptocurrency
February 23, 2019
•[ hack, misconfiguration, finance ]
A hacker steals $7.7 million worth of EOS cryptocurrency after one of the 21 maintainers of an EOS blacklist fails to update it. The maintainer is identified in eos.games.
UK Labour Party
February 21, 2019
•[ insider, misconfiguration, government ]
The UK's Labour Party locks down access to membership databases and campaign tools after a number of attempts to access personal data on its systems by "individuals who are not, or are no longer, authorized to do so".
Hampton Roads Community Health Center
February 15, 2019
•[ hack, misconfiguration, healthcare ]
Hampton Roads Community Health Center reveals that a server hosting unencrypted patient data was compromised back in December 2018.
LBB
February 14, 2019
•[ leak, misconfiguration, retail ]
In August 2022, customer data of the Indian shopping site "LBB" (Little Black Book) was posted to a popular hacking forum. The data contained over 3M records with 39k unique email addresses alongside IP and physical addresses, names and device information with the most recent data dating back to early 2019. LBB advised they believe the data was exposed by a third party service and whilst it contained information they retain on their customers, it had also been enriched with additional data attributes.
Pellissippi State Community College
February 4, 2019
•[ leak, misconfiguration, education ]
More than 200 current and former students of Pellissippi State Community College could be in danger of identity theft because an unauthorized user had access to their personal information.
devkitPro
February 3, 2019
•[ leak, misconfiguration, technology ]
In February 2019, the devkitPro forum suffered a data breach. The phpBB based forum had 1,508 unique email addresses exposed in the breach alongside forum posts, private messages and passwords stored as weak salted hashes. The data breach was self-submitted to HIBP by the forum operator.
Universiti Teknologi Mara (UiTM)
January 25, 2019
•[ leak, misconfiguration, education ]
A total of 1,164,540 records, belonging to students at Universiti Teknologi Mara (UiTM) between 2000 and 2018 are leaked online. According to sources, the data happened between February and March 2018.
Tampa Bay Credit Union
January 17, 2019
•[ financial, misconfiguration, finance ]
Tampa Bay Credit Union members have their debit card information spoofed after threat actors generate false cards using the financial institution's bin numbers.
Hanover County
January 9, 2019
•[ financial, misconfiguration, government ]
Another victim of the Click2Gov breach. Officials disclose that an unauthorized party stole credit card information between Aug. 1, 2018 and Jan. 9, 2019.
ixigo
January 3, 2019
•[ leak, misconfiguration, technology ]
In January 2019, the travel and hotel booking site ixigo suffered a data breach. The data appeared for sale on a dark web marketplace the following month and included over 17M unique email addresses alongside names, genders, phone numbers, connections to Facebook profiles and passwords stored as MD5 hashes. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".
China Railway
January 2, 2019
•[ leak, misconfiguration ]
Data thieves steal the personal information of nearly 5 million people from an unconfirmed number of Chinese online ticket reservation platforms, according to Beijing police, who arrested a suspect in the case.
Royal Enfield
January 1, 2019
•[ leak, misconfiguration, automotive ]
In January 2020, motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. The impacted data included email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
