Kankakee Valley REMC
February 16, 2016
•[ hack, misconfiguration, energy ]
Kankakee Valley REMC falls victim to a possible breach, due to the access of a storage device on the cooperative's network from a foreign IP.
uTorrent
January 14, 2016
•[ hack, misconfiguration, technology ]
In early 2016, the forum for the uTorrent BitTorrent client suffered a data breach which came to light later in the year. The database from the IP.Board based forum contained 395k accounts including usernames, email addresses and MD5 password hashes without a salt.
o2c
January 10, 2016
•[ hack, leak, misconfiguration ]
Fr0mShell hacks o2c.fr and dumps 4,160 accounts with clear text passwords.
Republic of Uganda Ministry of Foreign Affairs
January 6, 2016
•[ hack, misconfiguration, government ]
A hacker going with the online handle of GeNiuS-JorDan defaces the official website of The Republic of Uganda, Ministry of Foreign Affairs, posting a message against the US Invasion of Iraq.
Unnamed right-wing Christian group
January 3, 2016
•[ leak, misconfiguration ]
Another massive database leaked in the wild. Chris Vickery, a security researcher discovers a leak containing 56 million records belonging to a right-wing Christian group originating in the US.
Anime-Planet
January 1, 2016
•[ leak, misconfiguration, technology ]
In approximately 2016, the anime website Anime-Planet suffered a data breach that impacted 369k subscribers. The exposed data included usernames, IP and email addresses, dates of birth and passwords stored as unsalted MD5 hashes and for newer accounts, bcrypt hashes. The data was provided to HIBP by dehashed.com.
MoDaCo
January 1, 2016
•[ hack, misconfiguration, technology ]
In approximately January 2016, the UK based Android community known as MoDaCo suffered a data breach which exposed 880k subscriber identities. The data included email and IP addresses, usernames and passwords stored as salted MD5 hashes.
Steam
December 25, 2015
•[ ddos, misconfiguration, technology ]
A DDoS attack against Steam causes the company to deploy a new caching configuration in production, which leads to the inadvertent exposure of 34,000 users.
Sanrio Digital
December 21, 2015
•[ leak, misconfiguration, technology ]
Chris Vickery, a security researcher discovers a leaked database of more than 3.3 million user accounts for Sanriotown.com and other Sanrio-owned websites like hellokitty.com and mymelody.com.
VTech
November 13, 2015
•[ hack, misconfiguration, education ]
In November 2015, hackers extracted more than 4.8 million parents' and 227k children's accounts from VTech's Learning Lodge website. The Hong Kong company produces learning products for children including software sold via the compromised website. The data breach exposed extensive personal details including home addresses, security questions and answers and passwords stored as weak MD5 hashes. Furthermore, children's details including names, ages, genders and associations to their parents' records were also exposed.
Comcast
November 11, 2015
•[ hack, misconfiguration, technology ]
Comcast resets 200k cleartext passwords, after a hacker known as Orion claims to have stolen the database and puts it on sale on the dark web. Nearly 590,000 users could have been compromised.
Comcast
November 8, 2015
•[ leak, misconfiguration, technology ]
In November 2015, the US internet and cable TV provider Comcast suffered a data breach that exposed 590k customer email addresses and plain text passwords. A further 27k accounts appeared with home addresses with the entire data set being sold on underground forums.
Ancestry
November 7, 2015
•[ leak, misconfiguration, technology ]
In November 2015, an Ancestry service known as RootsWeb suffered a data breach. The breach was not discovered until late 2017 when a file containing almost 300k email addresses and plain text passwords was identified.
