MyFreeCams
December 1, 2020
•[ financial, hack, leak ]
A data broker who allegedly hacked adult chat and web-streaming website MyFreeCams.com has sold nearly 2 million user records on a dark web forum. The hacker exfiltrated records from the company's servers in December 2020 after an SQL injection.
Freepik
August 21, 2020
•[ hack, sqlinjection, technology ]
Freepik says that hackers were able to steal emails and password hashes for 8.3 million Freepik and Flaticon users in an SQL injection attack against the company's Flaticon website.
UniCredit
April 19, 2020
•[ hack, sqlinjection, finance ]
Researchers from Tesly reveal that data on about 3,000 UniCredit SpA employees was put up for sale on cybercrime forums after an SQL Injection attack.
Planet Calypso
July 1, 2019
•[ hack, sqlinjection, technology ]
In approximately July 2019, the forums for the Planet Calypso game suffered a data breach. The breach of the vBulletin based forum exposed email and IP addresses, usernames and passwords stored as salted MD5 hashes.
Kyushu Railway Co.
April 12, 2019
•[ hack, sqlinjection ]
Kyushu Railway Co. reveals that personal and credit information on up to 8,000 customers were stolen from the goods store website for its "Seven Stars in Kyushu" luxury cruise train.
DaFont
May 16, 2017
•[ hack, sqlinjection, technology ]
In May 2017, font sharing site DaFont suffered a data breach resulting in the exposure of 637k records. Allegedly due to a SQL injection vulnerability exploited by multiple parties, the exposed data included usernames, email addresses and passwords stored as MD5 without a salt.
Hub4Tech
January 1, 2017
•[ leak, sqlinjection, education ]
On an unknown date in approximately 2017, the Indian training and assessment service known as Hub4Tech suffered a data breach via a SQL injection attack. The incident exposed almost 37k unique email addresses and passwords stored as unsalted MD5 hashes. No response was received from Hub4Tech when contacted about the incident.
Unknown Organization
December 22, 2016
•[ hack, sqlinjection, government ]
Kapustkiy hacks the Costa Rica Embassy in China (costaricaembassycn.com) and dumps 50 of the 280 login credentials.
Unknown Organization
December 19, 2016
•[ hack, sqlinjection ]
Kapustkiy breaches the Slovak Chamber of Commerce (www.scci.sk) and accesses the data of more than 4,000 users.
ambru
December 12, 2016
•[ hack, sqlinjection, government ]
Kapustkiy claims to have stolen thousands of passport numbers and other pieces of personal information from the website of a Russian consular department (ambru.nl).
PPCGeeks
August 19, 2016
•[ hack, sqlinjection, technology ]
In August 2016, the pocket PC fan site forum PPCGeeks suffered a data breach that exposed over 490k records. The breach of the vBulletin forum exposed email and IP addresses, usernames, dates of birth and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "fall1984@protonmail.com".
Epic Games
August 11, 2016
•[ hack, sqlinjection, technology ]
In August 2016, the Epic Games forum suffered a data breach, allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 252k accounts including usernames, email addresses and salted MD5 hashes of passwords.
i-Dressup
July 15, 2016
•[ leak, sqlinjection, technology ]
In June 2016, the teen social site known as i-Dressup was hacked and over 2 million user accounts were exposed. At the time the hack was reported, the i-Dressup operators were not contactable and the underlying SQL injection flaw remained open, allegedly exposing a total of 5.5 million accounts. The breach included email addresses and passwords stored in plain text.
Nulled.IO
May 6, 2016
•[ leak, sqlinjection, technology ]
The Nulled.IO forum is compromised and its data consequently leaked, consisting of a 9.45GB SQL file.
Unknown Organization
December 25, 2015
•[ hack, sqlinjection, technology ]
Members of the Anonymous hacker collective deface the Asia Pacific Telecommunity website (apt.int), gain access to the site's admin panel and also manage to get their hands on a database dump.
MPGH
October 22, 2015
•[ hack, sqlinjection, technology ]
In October 2015, the multiplayer game hacking website MPGH was hacked and 3.1 million user accounts disclosed. The vBulletin forum breach contained usernames, email addresses, IP addresses and salted hashes of passwords.
CheapAssGamer.com
July 1, 2015
•[ leak, sqlinjection, technology ]
In approximately mid-2015, the forum for CheapAssGamer.com suffered a data breach. The database from the IP.Board based forum contained 445k accounts including usernames, email and IP addresses and salted MD5 password hashes.
Qatar National Bank
July 1, 2015
•[ hack, sqlinjection, finance ]
In July 2015, the Qatar National Bank suffered a data breach which exposed 15k documents totalling 1.4GB and detailing more than 100k accounts with passwords and PINs. The incident was made public some 9 months later in April 2016 when the documents appeared publicly on a file sharing site. Analysis of the breached data suggests the attack began by exploiting a SQL injection flaw in the bank's website.
Evermotion
May 7, 2015
•[ hack, sqlinjection, technology ]
In May 2015, the Polish 3D modelling website known as Evermotion suffered a data breach resulting in the exposure of 435k unique user records. The data was sourced from a vBulletin forum and contained email addresses, usernames, dates of birth and salted MD5 hashes of passwords. The site was previously reported as compromised on the Vigilante.pw breached database directory.
dexsil
February 21, 2015
•[ hack, sqlinjection, healthcare ]
LNO uNiTy AKA @LNOuNiTy hacks dexsil.com and dumps about 6,000 usernames and passwords.
