Mate1
February 29, 2016
•[ leak, misconfiguration, technology ]
A hacker on the dark web forum Hell claims to have sold the email addresses and plaintext passwords of over 27 million users of dating site Mate1.com.
SkTorrent
February 19, 2016
•[ hack, misconfiguration, technology ]
In February 2016, the Slovak torrent tracking site SkTorrent was hacked and over 117k records leaked online. The data dump included usernames, email addresses and passwords stored in plain text.
Kankakee Valley REMC
February 16, 2016
•[ hack, misconfiguration, energy ]
Kankakee Valley REMC falls victim to a possible breach, due to the access of a storage device on the cooperative's network from a foreign IP.
uTorrent
January 14, 2016
•[ hack, misconfiguration, technology ]
In early 2016, the forum for the uTorrent BitTorrent client suffered a data breach which came to light later in the year. The database from the IP.Board based forum contained 395k accounts including usernames, email addresses and MD5 password hashes without a salt.
o2c
January 10, 2016
•[ hack, leak, misconfiguration ]
Fr0mShell hacks o2c.fr and dumps 4,160 accounts with clear text passwords.
Republic of Uganda Ministry of Foreign Affairs
January 6, 2016
•[ hack, misconfiguration, government ]
A hacker going with the online handle of GeNiuS-JorDan defaces the official website of The Republic of Uganda, Ministry of Foreign Affairs, posting a message against the US Invasion of Iraq.
Unnamed right-wing Christian group
January 3, 2016
•[ leak, misconfiguration ]
Another massive database leaked in the wild. Chris Vickery, a security researcher discovers a leak containing 56 million records belonging to a right-wing Christian group originating in the US.
Anime-Planet
January 1, 2016
•[ leak, misconfiguration, technology ]
In approximately 2016, the anime website Anime-Planet suffered a data breach that impacted 369k subscribers. The exposed data included usernames, IP and email addresses, dates of birth and passwords stored as unsalted MD5 hashes and for newer accounts, bcrypt hashes. The data was provided to HIBP by dehashed.com.
MoDaCo
January 1, 2016
•[ hack, misconfiguration, technology ]
In approximately January 2016, the UK based Android community known as MoDaCo suffered a data breach which exposed 880k subscriber identities. The data included email and IP addresses, usernames and passwords stored as salted MD5 hashes.
Steam
December 25, 2015
•[ ddos, misconfiguration, technology ]
A DDoS attack against Steam causes the company to deploy a new caching configuration in production, which leads to the inadvertent exposure of 34,000 users.
Sanrio Digital
December 21, 2015
•[ leak, misconfiguration, technology ]
Chris Vickery, a security researcher discovers a leaked database of more than 3.3 million user accounts for Sanriotown.com and other Sanrio-owned websites like hellokitty.com and mymelody.com.
VTech
November 13, 2015
•[ hack, misconfiguration, education ]
In November 2015, hackers extracted more than 4.8 million parents' and 227k children's accounts from VTech's Learning Lodge website. The Hong Kong company produces learning products for children including software sold via the compromised website. The data breach exposed extensive personal details including home addresses, security questions and answers and passwords stored as weak MD5 hashes. Furthermore, children's details including names, ages, genders and associations to their parents' records were also exposed.
Comcast
November 11, 2015
•[ hack, misconfiguration, technology ]
Comcast resets 200k cleartext passwords, after a hacker known as Orion claims to have stolen the database and puts it on sale on the dark web. Nearly 590,000 users could have been compromised.
