Transport for NSW
May 29, 2016
•[ hack, misconfiguration, transportation ]
Transport for NSW says it is investigating a "compromise" of the TrainLink website's reservations system, which has since been shut down. The company states that no personal data or credit card information has been compromised.
Regpack
May 20, 2016
•[ leak, misconfiguration, finance ]
In July 2016, a tweet was posted with a link to an alleged data breach of BlueSnap, a global payment gateway and merchant account provider. The data contained 324k payment records across 105k unique email addresses and included personal attributes such as name, home address and phone number. The data was verified with multiple Have I Been Pwned subscribers who confirmed it also contained valid transactions, partial credit card numbers, expiry dates and CVVs. A downstream consumer of BlueSnap services known as Regpack was subsequently identified as the source of the data after they identified human error had left the transactions exposed on a publicly facing server. A full investigation of the data and statement by Regpack is detailed in the post titled "Someone just lost 324k payment records, complete with CVVs".
hortinews.co.ke
May 1, 2016
•[ leak, misconfiguration, technology ]
42,000+ usernames and passwords appear on the dark web.
17 (an app particularly popular in Asia)
April 29, 2016
•[ hack, misconfiguration, technology ]
A hacker advertises a cache of 20,000 email addresses, poorly secured passwords, phone numbers, and other information from users of photo sharing and video streaming app '17', which is particularly popular in Asia.
Unknown Organization
April 22, 2016
•[ hack, misconfiguration ]
United Cyber Caliphate defaces the website of the Lamont Christian Reformed Church in the city, leaving a pro-Jihadi message.
Archdiocese of Denver
April 21, 2016
•[ hack, misconfiguration, education ]
Archdiocese of Denver notifies 18,000 individuals that it has discovered a breach that occurred in November 2015, when an unauthorized person accessed an Archdiocese of Denver database maintained by a third party.
ADP
April 19, 2016
•[ financial, misconfiguration, finance ]
Identity thieves steal tax and salary data from payroll giant ADP by registering accounts in the names of employees at more than a dozen customer firms. ADP says the incidents occurred because the victim companies all mistakenly published sensitive ADP account information online.
17
April 19, 2016
•[ hack, misconfiguration, technology ]
In April 2016, customer data obtained from the streaming app known as "17" appeared listed for sale on a Tor hidden service marketplace. The data contained over 4 million unique email addresses along with IP addresses, usernames and passwords stored as unsalted MD5 hashes.
doTERRA
April 18, 2016
•[ leak, misconfiguration ]
doTERRA notifies several customers and distributors of a possible data breach involving a third party that provides it with hosting and software services.
Coinroll Bitcoin Casino
April 17, 2016
•[ financial, misconfiguration, finance ]
Coinroll Bitcoin Casino admits that several users had the funds in their online accounts stolen. The breach could be related to an open MongoDB instance.
KnownCircle
April 12, 2016
•[ hack, misconfiguration, technology ]
In approximately April 2016, the "marketing automation for agents and professional service providers" company KnownCircle had a large volume of data obtained by an external party. The data belonging to the now defunct service appeared in JSON format and contained gigabytes of data related to the real estate and insurance sectors. The personal data in the breach appears to have primarily been used for marketing purposes, including logs of emails sent and tracking of gift cards. A small number of passwords for KnownCircle staff were also present and were stored as bcrypt hashes.
Southeast Eye Institute
March 30, 2016
•[ hack, misconfiguration, healthcare ]
The Southeast Eye Institute reports a possible data breach after an unauthorized individual gained access to the data of 87,000 patients via a third-party affiliate.
University of Massachusetts-Amherst
March 28, 2016
•[ hack, misconfiguration, education ]
Andrew "Weev" Auernheimer sends out a massive racist print job on the networks of several US universities, including Princeton University, University of California-Berkeley, University of Massachusetts-Amherst, Brown University, Smith College, and Mount Holyoke College.
Verizon Enterprise Solutions
March 24, 2016
•[ leak, misconfiguration, technology ]
The contact information for some 1.5 million customers of Verizon Enterprise is published on an underground forum. The company confirms that it recently discovered and remediated a security vulnerability on its enterprise client portal.
Tuned Global
March 16, 2016
•[ hack, misconfiguration, technology ]
In January 2021, data from a number of breached services including Tuned Global were released to a public hacking forum. The breach appears to date back to 2016 and includes 985k records containing email addresses, names, a small number of physical addresses and phone numbers and passwords stored in plain text.
Naughty America
March 14, 2016
•[ hack, misconfiguration, technology ]
In March 2016, the adult website Naughty America was hacked and the data consequently sold online. The breach included data from numerous systems with various personal identity attributes, the largest of which had passwords stored as easily crackable MD5 hashes. There were 1.4 million unique email addresses in the breach.
Hi-Tec Sports
March 11, 2016
•[ hack, misconfiguration, retail ]
Hi-Tec Sports notifies customers about a compromise affecting its online ordering system and payment card data.
Unnamed American Express third-party card processor
March 10, 2016
•[ leak, misconfiguration, finance ]
American Express warns some customers that their personal details may have been exposed due to a data breach of a third-party service provider.
Mate1
February 29, 2016
•[ leak, misconfiguration, technology ]
A hacker on the dark web forum Hell claims to have sold the email addresses and plaintext passwords of over 27 million users of dating site Mate1.com.
SkTorrent
February 19, 2016
•[ hack, misconfiguration, technology ]
In February 2016, the Slovak torrent tracking site SkTorrent was hacked and over 117k records leaked online. The data dump included usernames, email addresses and passwords stored in plain text.