West Bengal Public Health Engineering Department
February 4, 2014
•[ hack, misconfiguration, government ]
West Bengal's Public Health Engineering Department (wbphed.gov.in) is attacked and defaced by a group of Pakistani hacktivists demanding to "free Kashmir" among other things.
National Health Service
February 3, 2014
•[ hack, misconfiguration, healthcare ]
A coding error on the official website of the United Kingdom's National Health Service (nhs.uk) is abused to implant malicious code on more than 800 pages.
Ateneo Integrated Student Information System
February 2, 2014
•[ hack, misconfiguration, education ]
A group identified as "Pinoy Anonymouz" defaces the website of the Ateneo Integrated Student Information System (AISIS).
WPT Amateur Poker League
January 4, 2014
•[ hack, leak, misconfiguration ]
In January 2014, the World Poker Tour (WPT) Amateur Poker League website was hacked by the Twitter user @smitt3nz. The attack resulted in the public disclosure of 175,000 accounts including 148,000 email addresses. The plain text password for each account was also included in the breach.
Snapchat
January 2, 2014
•[ leak, misconfiguration, technology ]
Greyhat hackers publish the partial phone numbers belonging to more than 4.5 million Snapchat users after exploiting a recently disclosed security weakness that officials of the service had described as theoretical.
Adobe
October 4, 2013
•[ hack, misconfiguration, technology ]
In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.
Yatra
September 1, 2013
•[ leak, misconfiguration, technology ]
In September 2013, the Indian bookings website known as Yatra had 5 million records exposed in a data breach. The data contained email and physical addresses, dates of birth and phone numbers along with both PINs and passwords stored in plain text. The site was previously reported as compromised on the Vigilante.pw breached database directory.
imgur
September 1, 2013
•[ hack, misconfiguration, technology ]
In September 2013, the online image sharing community imgur suffered a data breach. A selection of the data containing 1.7 million email addresses and passwords surfaced more than 4 years later in November 2017. Although imgur stored passwords as SHA-256 hashes, the data in the breach contained plain text passwords suggesting that many of the original hashes had been cracked. imgur advises that they rolled over to bcrypt hashes in 2016.
DragonNest
August 23, 2013
•[ hack, misconfiguration, technology ]
In August 2013, the massively multiplayer online role-playing game (MMORGP) DragonNest suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 500k unique email addresses along with usernames, IP addresses and plain text passwords. The service later suffered a massive data loss.
Evite
August 11, 2013
•[ leak, misconfiguration, technology ]
In April 2019, the social planning website for managing online invitations Evite identified a data breach of their systems. Upon investigation, they found unauthorised access to a database archive dating back to 2013. The exposed data included a total of 101 million unique email addresses, most belonging to recipients of invitations. Members of the service also had names, phone numbers, physical addresses, dates of birth, genders and passwords stored in plain text exposed. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
OwnedCore
August 1, 2013
•[ hack, misconfiguration, technology ]
In approximately August 2013, the World of Warcraft exploits forum known as OwnedCore was hacked and more than 880k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Yam
June 2, 2013
•[ hack, misconfiguration, technology ]
In June 2013, the Taiwanese website Yam.com suffered a data breach which was shared to a popular hacking forum in 2021. The data included 13 million unique email addresses alongside names, usernames, phone numbers, physical addresses, dates of birth and unsalted MD5 password hashes.
AhaShare.com
May 30, 2013
•[ leak, misconfiguration, technology ]
In May 2013, the torrent site AhaShare.com suffered a breach which resulted in more than 180k user accounts being published publicly. The breach included a raft of personal information on registered users plus despite assertions of not distributing personally identifiable information, the site also leaked the IP addresses used by the registered identities.
tumblr
February 28, 2013
•[ leak, misconfiguration, technology ]
In early 2013, tumblr suffered a data breach which resulted in the exposure of over 65 million accounts. The data was later put up for sale on a dark market website and included email addresses and passwords stored as salted SHA1 hashes.
OMGPOP
January 1, 2013
•[ leak, misconfiguration, technology ]
In approximately 2013, the maker of the Draw Something game OMGPOP suffered a data breach. Formerly known as i'minlikewithyou or iilwy and later purchased by Zynga, the breach exposed over 7M email address and plain text password pairs which were later leaked in 2019.
