IIMJobs
December 31, 2018
•[ hack, leak, misconfiguration ]
In December 2018, the Indian job portal IIMJobs suffered a data breach that exposed 4.1 million unique email addresses. The data also included names, phone numbers, geographic locations, dates of birth, job titles, job applications and cover letters, plus passwords stored as unsalted MD5 hashes. The data was provided to HIBP by dehashed.com.
OGUsers (2019 breach)
December 26, 2018
•[ hack, misconfiguration, technology ]
In May 2019, the account hijacking and SIM swapping forum OGUsers suffered a data breach. The breach exposed a database backup from December 2018 which was published on a rival hacking forum. There were 161k unique email addresses spread across 113k forum users and other tables in the database. The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes.
The Wall Street Journal's website
December 17, 2018
•[ hack, misconfiguration, technology ]
The Wall Street Journal's website is defaced with a post containing a fake apology supporting YouTube megastar PewDiePie, previously accused of antisemitism by the same paper.
Mappery
December 11, 2018
•[ leak, misconfiguration, technology ]
In December 2018, the mapping website Mappery suffered a data breach that exposed over 205k unique email addresses. The incident also exposed usernames, the geographic location of the user and passwords stored as unsalted SHA-1 hashes. No response was received from Mappery when contacted about the incident.
City of Topeka
December 7, 2018
•[ hack, misconfiguration, government ]
Another possible Click2Gov breach: Topeka's third-party payment vendor is breached, possibly exposing the personal information of about 10,000 residents.
Bombuj.eu
December 7, 2018
•[ leak, misconfiguration, technology ]
In December 2018, Bombuj.eu, a Slovak website for watching movies online for free, suffered a data breach. The incident exposed over 575k unique email addresses and passwords stored as unsalted MD5 hashes. No response was received from Bombuj.eu when contacted about the incident.
Dubsmash
December 1, 2018
•[ leak, misconfiguration, technology ]
In December 2018, the video messaging service Dubsmash suffered a data breach. The incident exposed 162 million unique email addresses alongside usernames and PBKDF2 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".
Middle East Airlines
November 14, 2018
•[ espionage, misconfiguration, government ]
An unknown actor with a connection to Iran hijacked DNS records to target the traffic of governments and telecommunications organizations around the world. One of the victims is Middle East Airlines, a Lebanese airline.