Minefield
June 28, 2015
•[ hack, misconfiguration, technology ]
In June 2015, the French Minecraft server known as Minefield was hacked and 188k member records were exposed. The IP.Board forum included email and IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Uber
June 15, 2015
•[ hack, misconfiguration, technology ]
A website hosting an Uber petition (petition.uber.org) calling on local government to allow its drivers to work on San Francisco's Market Street is defaced by a seemingly well-intentioned blogger, who also inserts a banner that automatically redirects visitors to a competitor's site.
Fort Collins Streets Department
June 14, 2015
•[ hack, misconfiguration, government ]
Another example of a road sign hacked.
Missing Link Networks
June 10, 2015
•[ financial, misconfiguration, retail ]
Missing Link Networks Inc, a credit card processor and point-of-sale vendor, reveals that a breach of its networks exposed card data for transactions it processed in the month of April 2015.
North Dakota Workforce and Safety Institute
June 10, 2015
•[ leak, misconfiguration, government ]
Approximately 43,000 incident reports and 13,000 payroll reports are compromised in a breach of a North Dakota Workforce and Safety Institute (WSI) server, after the North Dakota Information Technology Department (ITD) detected unusual activity.
Los Angeles County Public Works
June 9, 2015
•[ hack, government, misconfiguration ]
A downtown Los Angeles digital traffic sign is hacked to state "Read a fu***ng book."
Intimacy Bra Fit Stylists
June 4, 2015
•[ hack, misconfiguration, retail ]
Lingerie seller Intimacy Bra Fit Stylists notifies an undisclosed number of individuals that its e-commerce server was compromised and that personal information may have been misappropriated.
VNG
May 19, 2015
•[ hack, misconfiguration, technology ]
In April 2018, news broke of a massive data breach impacting the Vietnamese company known as VNG after data was discovered being traded on a popular hacking forum where it was extensively redistributed. The breach dated back to an incident in May of 2015 and included of over 163 million customers. The data in the breach contained a wide range of personal attributes including usernames, birth dates, genders and home addresses along with unsalted MD5 hashes and 25 million unique email addresses. The data was provided to HIBP by dehashed.com.
Atlanta Department of Public Works
May 14, 2015
•[ hack, misconfiguration, government ]
Unknown attackers hack a billboard in Atlanta and replace a video with several images from Goatse, one of the internet's original shock sites.
Gaadi
May 14, 2015
•[ leak, misconfiguration, automotive ]
In May 2015, the Indian motoring website known as Gaadi had 4.3 million records exposed in a data breach. The data contained usernames, email and IP addresses, genders, the city of users as well as passwords stored in both plain text and as MD5 hashes. The site was previously reported as compromised on the Vigilante.pw breached database directory.
Mauthausen Nazi Camp
May 8, 2015
•[ hack, misconfiguration, education ]
The memorial website of the Nazi Mauthausen camp in Austria is defaced with child pornography image materials.
Retail Capital
May 5, 2015
•[ hack, misconfiguration, finance ]
Retail Capital notifies more than 700 individuals that unauthorized access was gained to the electronic mailbox of a sales manager, and personal information may have been compromised.
Telecom Regulatory Authority of India
April 27, 2015
•[ leak, misconfiguration, government ]
In April 2015, the Telecom Regulatory Authority of India (TRAI) published tens of thousand of emails sent by Indian citizens supporting net neutrality as part of the SaveTheInternet campaign. The published data included lists of emails including the sender's name and email address as well as the contents of the email as well, often with signatures including other personal data.
lumensfactory
March 29, 2015
•[ hack, misconfiguration, retail ]
Histeria hacks lumensfactory.com and dumps 2,550 usernames and clear text passwords.
Snail
March 14, 2015
•[ leak, misconfiguration, technology ]
In March 2015, the gaming website Snail suffered a data breach that impacted 1.4 million subscribers. The impacted data included usernames, IP and email addresses and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by dehashed.com.
British Telecom
March 13, 2015
•[ espionage, misconfiguration, technology ]
Internet traffic for 167 important British Telecom customers, including a UK defense contractor that helps deliver the country's nuclear warhead program, are mysteriously diverted to servers in Ukraine before being passed along to their final destination.
Rapides Parish Police Jury
March 7, 2015
•[ hack, misconfiguration, government ]
The actions of the hacktivist group AnonGhost are not isolated: now they deface the official website of the state of Louisiana Rapides Parish Police Jury, Southern Heritage Bank and Churchill Banks.
Larimer County Sheriff's Office
March 6, 2015
•[ hack, misconfiguration, government ]
And for the second time in a week, the Anonghost deface, once again, the official website of Colorado's Larimer County Sheriff's Office.
000webhost
March 1, 2015
•[ hack, misconfiguration, technology ]
In approximately March 2015, the free web hosting provider 000webhost suffered a major data breach that exposed almost 15 million customer records. The data was sold and traded before 000webhost was alerted in October. The breach included names, email addresses and plain text passwords.
HongFire
March 1, 2015
•[ hack, misconfiguration, technology ]
In March 2015, the anime and manga forum HongFire suffered a data breach. The hack of their vBulletin forum led to the exposure of 1 million accounts along with email and IP addresses, usernames, dates of birth and salted MD5 passwords.
