Comcast
November 8, 2015
•[ leak, misconfiguration, technology ]
In November 2015, the US internet and cable TV provider Comcast suffered a data breach that exposed 590k customer email addresses and plain text passwords. A further 27k accounts appeared with home addresses with the entire data set being sold on underground forums.
Ancestry
November 7, 2015
•[ leak, misconfiguration, technology ]
In November 2015, an Ancestry service known as RootsWeb suffered a data breach. The breach was not discovered until late 2017 when a file containing almost 300k email addresses and plain text passwords was identified.
R2Games
November 1, 2015
•[ hack, misconfiguration, technology ]
In late 2015, the gaming website R2Games was hacked and more than 2.1M personal records disclosed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked. A further 11M accounts were added to "Have I Been Pwned" in March 2016 and another 9M in July 2016 bringing the total to over 22M.
Abandonia (2015)
November 1, 2015
•[ leak, misconfiguration, technology ]
In November 2015, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 776k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.
Emergence Health Network
October 26, 2015
•[ hack, misconfiguration, healthcare ]
Emergence Health Network(EHN) notifies 11,100 patients of an unauthorized access of a server containing protected health information.
https://www
October 25, 2015
•[ hack, misconfiguration, technology ]
An anonymous hacker hacks amzreviewtrader.com and dumps nearly 2500 usernames and clear text passwords.
EyeBuyDirect
October 21, 2015
•[ hack, financial, misconfiguration ]
An undisclosed number of individuals are notified that unauthorized access was gained to EyeBuyDirect's website and personal information, including payment card data, may have been compromised.
Patreon
October 1, 2015
•[ hack, misconfiguration, finance ]
Patreon, the website that allows people to maintain regular donations to a website, an artist, or project, announces to have suffered a security breach. The site says some registered names, e-mail addresses, and mailing addresses were accessed after someone managed to access a debug version of the site.
Ceph
September 18, 2015
•[ hack, misconfiguration, technology ]
Red Hat reveals to have suffered an intrusion on the sites of both the Ceph community project (ceph.com) and Inktank (download.inktank.com) that resulted in signed code being accessed.
Experian (2015)
September 16, 2015
•[ hack, misconfiguration, finance ]
In September 2015, the US based credit bureau and consumer data broker Experian suffered a data breach that impacted 15 million customers who had applied for financing from T-Mobile. An alleged data breach was subsequently circulated containing personal information including names, physical and email addresses, birth dates and various other personal attributes. Multiple Have I Been Pwned subscribers verified portions of the data as being accurate, but the actual source of it was inconclusive therefor this breach has been flagged as "unverified".
Penrith High School
September 11, 2015
•[ insider, misconfiguration, education ]
A small group of students from Penrith High School have allegedly used a teacher's login credentials to access a Department of Education computer system that contains students' assessment marks.
Western Governor's University
August 23, 2015
•[ leak, misconfiguration, education ]
JM511 dumps some data from the University of California at Los Angeles (UCLA) after allegedly warning the university twice. The attacker also warns other universities of possible vulnerabilities including: Western Governor's University in Utah, the University of Minnesota, DePaul University, and Northern Illinois University.
ClearVoice Surveys
August 23, 2015
•[ leak, misconfiguration, technology ]
In April 2021, the market research surveys company ClearVoice Surveys had a publicly facing database backup from 2015 taken and redistributed on a popular hacking forum. The data included 15M unique email addresses across more than 17M rows of data that also included names, physical and IP addresses, genders, dates of birth and plain text passwords. ClearVoice Surveys advised they were aware of the breach and confirmed its authenticity.
UNICEF India
August 19, 2015
•[ hack, misconfiguration, government ]
A group of Turkish hackers going with the online handles of RootDevilz, Jonturk75 and Bozkurt97 deface the official website of UNICEF India (unicef.in) and post a message against China, US, UN, EU and Israel.
Nepal Department of Transportation
August 17, 2015
•[ hack, misconfiguration, government ]
Avian and the Nepal Cyber Army hack the Nepal Department of Transportation (eproc.dor.gov.np) and dump 8,300 records with usernames and clear text passwords.
http://itembay
August 6, 2015
•[ hack, misconfiguration, technology ]
l1kw1d hacks itembay.ca, an online game virtual currency provider and dumps 4,330 usernames with clear text passwords.
Pokébip
July 28, 2015
•[ hack, misconfiguration, technology ]
In July 2015, the French Pokmon site Pokbip suffered a data breach which exposed 657k subscriber identities. The data included email and IP addresses, usernames and passwords stored as unsalted MD5 hashes.
Soundwave
July 16, 2015
•[ leak, misconfiguration, technology ]
In approximately mid 2015, the music tracking app Soundwave suffered a data breach. The breach stemmed from an incident whereby "production data had been used to populate the test database" and was then inadvertently exposed in a MongoDB. The data contained 130k records and included email addresses, dates of birth, genders and MD5 hashes of passwords without a salt.
Seedpeer
July 12, 2015
•[ hack, misconfiguration, technology ]
In July 2015, the torrent site Seedpeer was hacked and 282k member records were exposed. The data included usernames, email addresses and passwords stored as weak MD5 hashes.
Unknown Organization
July 7, 2015
•[ hack, misconfiguration, retail ]
A group of Bangladeshi hackers going with the handle of DangerPro defaces the contact us page of the official website of Pizza Hut Israel (contact.pizzahut.co.il).
