Altex Exchange
July 30, 2018
•[ financial, misconfiguration, finance ]
Altex Exchange acknowledges that a double-counting bug in Monero (XMR) cryptocurrency did result in a major undisclosed financial loss.
Telecom Regulatory Authority of India (TRAI) chairman R S Sharma
July 28, 2018
•[ leak, misconfiguration, government ]
Alleged personal details of the Telecom Regulatory Authority of India (TRAI) chairman R S Sharma are leaked after he tweeted his 12-digit Unique Identification Authority of India or UIDAI number and challenged hackers.
Lanwar
July 28, 2018
•[ leak, misconfiguration, technology ]
In July 2018, staff of the Lanwar gaming site discovered a data breach they believe dates back to sometime over the previous several months. The data contained 45k names, email addresses, usernames and plain text passwords. A Lanwar staff member self-submitted the breach to HIBP and has also contacted the relevant authorities about the incident after identifying a phishing attempt to extort Bitcoin from a user.
Accreditation, Audit & Risk Management Security, LLC
July 23, 2018
•[ leak, misconfiguration, government ]
A "security incident" occurred on April 3 at a third-party vendor (Accreditation, Audit & Risk Management Security, LLC) may have compromised the personal information of employees, inmates and others involved with the Pennsylvania Department of Corrections.
PIR Bank of Russia
July 20, 2018
•[ financial, misconfiguration, finance ]
Cybercriminals part of the notorious hacking group MoneyTaker attack the PIR Bank of Russia and steal $1M. The hacking is carried out after infiltrating the bank's systems by compromising an old, outdated router. The router was installed at one of the regional branches of the bank.
Major international airport
July 11, 2018
•[ hack, misconfiguration, technology ]
While researching underground hacker marketplaces, researchers from McAfee discover that access linked to security and building automation systems of a major international airport could be bought for only US$10.
Career and Technology Education Centers (C-TEC)
July 10, 2018
•[ leak, misconfiguration, education ]
Career and Technology Education Centers (C-TEC) reveals it suffered a possible data breach earlier this year that could have exposed individuals' names and Social Security numbers. The breach happened on May 25 when an unauthorized person had access to a private file for several minutes.
U.S. Air Force
July 10, 2018
•[ espionage, misconfiguration, government ]
Security Firm Recorded Future identifies an attempted sale of what is believed to be highly sensitive U.S. Air Force documents pertaining to the MQ-9 Reaper drone. The attack was carried on via the default FTP authentication credentials in Netgear routers.
Gas station in Detroit
July 9, 2018
•[ hack, misconfiguration, retail ]
Police in Detroit are looking into an apparent hack at a gas station that allowed people to steal more than 600 gallons of gas, valued at over $1,800. Authorities believe the thieves used some sort of remote device to take control of the pump.
Fashion Nexus
July 9, 2018
•[ leak, misconfiguration, retail ]
In July 2018, UK-based ecommerce company Fashion Nexus suffered a data breach which exposed 1.4 million records. Multiple websites developed by sister company White Room Solutions were impacted in the breach amongst which were sites including Jaded London and AX Paris. The various sites exposed in the incident included a range of different data types including names, phone numbers, addresses and passwords stored as a mix of salted MD5 and SHA-1 as well as unsalted MD5 passwords. When asked by reporter Graham Cluley if a public statement on the incident was available, a one-word response of "No" was received.
Stronghold Kingdoms
July 4, 2018
•[ leak, misconfiguration, technology ]
In July 2018, the massive multiplayer online game Stronghold Kingdoms suffered a data breach. Almost 5.2 million accounts were impacted by the incident which exposed emails addresses, usernames and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Taiwan Democratic Progressive Party's (DPP)
July 3, 2018
•[ hack, misconfiguration, government ]
The Democratic Progressive Party's (DPP) official website is defaced by Chinese hackers and the website is replaced with pictures and words reading "Chinese netizens are supporting Tsai Ing-wen to run for re-election" in simplified Chinese characters.
Fortnum & Mason
July 2, 2018
•[ leak, misconfiguration, retail ]
Luxury retailer Fortnum & Mason is the latest big brand to be involved in a significant data breach after the company admits the details of around 23,000 competition and survey participants have been compromised in the wake of the Typeform breach.
Typeform
June 29, 2018
•[ leak, misconfiguration, technology ]
Barcelona-based online survey and form building service Typeform announces a data breach after an unknown attacker downloaded a backup file containing sensitive customer information. The backup file contained data gathered by Typeform customers through surveys and online forms up until May 3, 2018.
Midwest City
June 24, 2018
•[ hack, misconfiguration, government ]
Midwest City, Oklahoma, reports that about 2,300 customers are potentially affected by a breach involving Superion's software Click2Gov.
PageUp
June 6, 2018
•[ leak, misconfiguration, technology ]
Australia-based human resources firm PageUp confirms it found "unusual" activity on its IT infrastructure on May 23, which has resulted in the potential compromise of client data.
Exactis
June 1, 2018
•[ leak, misconfiguration, technology ]
In June 2018, the marketing firm Exactis inadvertently publicly leaked 340 million records of personal data. Security researcher Vinny Troia of Night Lion Security discovered the leak contained multiple terabytes of personal information spread across hundreds of separate fields including addresses, phone numbers, family structures and extensive profiling data. The data was collected as part of Exactis' service as a "compiler and aggregator of premium business & consumer data" which they then sell for profiling and marketing purposes. A small subset of the exposed fields were provided to Have I Been Pwned and contained 132 million unique email addresses.
Adult-FanFiction.Org
May 30, 2018
•[ leak, misconfiguration, technology ]
In May 2018, the website for sharing adult-orientated works of fiction known as Adult-FanFiction.Org had 186k records exposed in a data breach. The data contained names, email addresses, dates of birth and passwords stored as both MD5 hashes and plain text. AFF did not respond when contacted about the breach and the site was previously reported as compromised on the Vigilante.pw breached database directory.
Honda Greece
May 7, 2018
•[ hack, misconfiguration, manufacturing ]
Turkish hackers from Akincilar launch a new cyber attack against Honda Greece. The automaker's website in Greece is infiltrated with a message condemning the country for "partnering" with terrorists.
ViewFines
May 7, 2018
•[ leak, misconfiguration, government ]
In May 2018, the South African website for viewing traffic fines online known as ViewFines suffered a data breach. Over 934k records containing 778k unique email addresses were exposed and included names, phone numbers, government issued IDs and passwords stored in plain text.
