o2c
January 10, 2016
•[ hack, leak, misconfiguration ]
Fr0mShell hacks o2c.fr and dumps 4,160 accounts with clear text passwords.
Republic of Uganda Ministry of Foreign Affairs
January 6, 2016
•[ hack, misconfiguration, government ]
A hacker going with the online handle of GeNiuS-JorDan defaces the official website of The Republic of Uganda, Ministry of Foreign Affairs, posting a message against the US Invasion of Iraq.
Unnamed right-wing Christian group
January 3, 2016
•[ leak, misconfiguration ]
Another massive database leaked in the wild. Chris Vickery, a security researcher discovers a leak containing 56 million records belonging to a right-wing Christian group originating in the US.
Anime-Planet
January 1, 2016
•[ leak, misconfiguration, technology ]
In approximately 2016, the anime website Anime-Planet suffered a data breach that impacted 369k subscribers. The exposed data included usernames, IP and email addresses, dates of birth and passwords stored as unsalted MD5 hashes and for newer accounts, bcrypt hashes. The data was provided to HIBP by dehashed.com.
MoDaCo
January 1, 2016
•[ hack, misconfiguration, technology ]
In approximately January 2016, the UK based Android community known as MoDaCo suffered a data breach which exposed 880k subscriber identities. The data included email and IP addresses, usernames and passwords stored as salted MD5 hashes.
Steam
December 25, 2015
•[ ddos, misconfiguration, technology ]
A DDoS attack against Steam causes the company to deploy a new caching configuration in production, which leads to the inadvertent exposure of 34,000 users.
Sanrio Digital
December 21, 2015
•[ leak, misconfiguration, technology ]
Chris Vickery, a security researcher discovers a leaked database of more than 3.3 million user accounts for Sanriotown.com and other Sanrio-owned websites like hellokitty.com and mymelody.com.
VTech
November 13, 2015
•[ hack, misconfiguration, education ]
In November 2015, hackers extracted more than 4.8 million parents' and 227k children's accounts from VTech's Learning Lodge website. The Hong Kong company produces learning products for children including software sold via the compromised website. The data breach exposed extensive personal details including home addresses, security questions and answers and passwords stored as weak MD5 hashes. Furthermore, children's details including names, ages, genders and associations to their parents' records were also exposed.
Comcast
November 11, 2015
•[ hack, misconfiguration, technology ]
Comcast resets 200k cleartext passwords, after a hacker known as Orion claims to have stolen the database and puts it on sale on the dark web. Nearly 590,000 users could have been compromised.
Comcast
November 8, 2015
•[ leak, misconfiguration, technology ]
In November 2015, the US internet and cable TV provider Comcast suffered a data breach that exposed 590k customer email addresses and plain text passwords. A further 27k accounts appeared with home addresses with the entire data set being sold on underground forums.
Ancestry
November 7, 2015
•[ leak, misconfiguration, technology ]
In November 2015, an Ancestry service known as RootsWeb suffered a data breach. The breach was not discovered until late 2017 when a file containing almost 300k email addresses and plain text passwords was identified.
R2Games
November 1, 2015
•[ hack, misconfiguration, technology ]
In late 2015, the gaming website R2Games was hacked and more than 2.1M personal records disclosed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked. A further 11M accounts were added to "Have I Been Pwned" in March 2016 and another 9M in July 2016 bringing the total to over 22M.
Abandonia (2015)
November 1, 2015
•[ leak, misconfiguration, technology ]
In November 2015, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 776k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.
