Social Bluebook
March 27, 2020
•[ hack, technology ]
Social Bluebook, a Los Angeles-based company that allows advertisers to pay social media "influencers" for posts that promote their products and services, is hacked.
Glofox
March 27, 2020
•[ leak, misconfiguration, technology ]
In March 2020, the Irish gym management software company Glofox suffered a data breach which exposed 2.3M membership records. The data included email addresses, names, phone numbers, genders, dates of birth and passwords stored as unsalted MD5 hashes.
Aerial Direct
March 13, 2020
•[ leak, misconfiguration, technology ]
Aerial Direct reveals that an unauthorized third party had been able to access customer data on 26 February through an external backup database, which included personal information on both current and expired subscribers from the last six years.
VT San Antonio Aerospace
March 7, 2020
•[ ransomware, malware, technology ]
The Maze Ransomware gang breach and successfully encrypt the systems of VT San Antonio Aerospace. They also steal and leak unencrypted files. The attack occurred in April 2020.
Entercom
March 6, 2020
•[ leak, misconfiguration, technology ]
US radio giant Entercom reports a data breach that took place in August 2019 after an unauthorized party was able to access database backup files stored in a third-party cloud hosting service and containing Radio.com user credentials.
T-Mobile
March 4, 2020
•[ hack, technology ]
US telecommunications giant T-Mobile discloses a security breach that impacted both its employees and customers alike. The attackers gained access to "certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees."
GeoCloud
March 2, 2020
•[ leak, misconfiguration, technology ]
A threat actor posts another database, this time from technology company GeoCloud, leaked through a public Amazon server. The data contains users' names, email addresses, and passwords as well as the company's social media keys and company information.
Microsoft
March 2, 2020
•[ leak, technology ]
The Syrian Electronic Army publishes some invoices leaked from Microsoft indicating that the company charges the FBI to view customers' information.
Catho
March 1, 2020
•[ leak, misconfiguration, technology ]
In approximately March 2020, the Brazilian recruitment website Catho was compromised and subsequently appeared alongside 20 other breached websites listed for sale on a dark web marketplace. The breach included almost 11 million records with 1.2 million unique email addresses. Names, usernames and plain text passwords were also exposed. The data was provided to HIBP by breachbase.pw.
Epiq Global
February 29, 2020
•[ ransomware, malware, technology ]
Legal services giant Epiq Global is hit by a ransomware attack.
AnimeGame
February 27, 2020
•[ hack, technology ]
In February 2020, the gaming website AnimeGame suffered a data breach. The incident affected 1.4M subscribers and exposed email addresses, usernames and passwords stored as salted MD5 hashes. The data was subsequently shared on a popular hacking forum and was provided to HIBP by dehashed.com.
Bretagne Tcom
February 26, 2020
•[ ransomware, hack, malware ]
Cloud services provider Bretagne T l com is hacked by the threat actors behind the DoppelPaymer Ransomware using CVE-2019-19781.
Transmit Security
February 24, 2020
•[ leak, technology ]
Transmit Security is breached after a security researcher contacts some of its customers and reports unauthorized access to the data.
Covve
February 20, 2020
•[ leak, misconfiguration, technology ]
In February 2020, a massive trove of personal information referred to as "db8151dd" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. Later identified as originating from the Covve contacts app, the exposed data included extensive personal information and interactions between Covve users and their contacts. The data was provided to HIBP by dehashed.com.
Neebs Gaming YouTube channel
February 15, 2020
•[ hack, social, technology ]
Neebs Gaming, a highly popular YouTube gaming channel is hacked by unidentified crypto scammers, who change its name and banner to Coinbase Pro to collect Bitcoin from its viewers/subscribers.
PSL Services
February 14, 2020
•[ social, phishing, technology ]
PSL Services notifies its clients of a phishing attack occurred on December 17, 2019.
Straffic
February 14, 2020
•[ leak, misconfiguration, technology ]
In February 2020, Israeli marketing company Straffic exposed a database with 140GB of personal data. The publicly accessible Elasticsearch database contained over 300M rows with 49M unique email addresses. Exposed data also included names, phone numbers, physical addresses and genders. In their breach disclosure message, Straffic stated that "it is impossible to create a totally immune system, and these things can occur".
Iran Internet infrastructure
February 9, 2020
•[ hack, ddos, technology ]
Iran is allegedly hit with a powerful cyber attack able to take down the 25% if its Internet.
Facebook's Twitter account
February 7, 2020
•[ hack, social, technology ]
Hackers from the OurMine collective claim to have taken over Facebook's Twitter account.
