Benchmark
November 1, 2019
•[ hack, misconfiguration, technology ]
In November 2019, the Serbian technology news website Benchmark suffered a breach of its forum that exposed 93k customer records. The breach exposed IP and email addresses, usernames and passwords stored as salted MD5 hashes. A forum administrator subsequently advised that the breach was due to the forum previously running on an outdated vBulletin instance. The data was provided to HIBP by a source who requested it be attributed to "ZAN @ BF".
IndiHome
November 1, 2019
•[ leak, technology ]
In mid-2021, reports emerged of a data breach of Indonesia's telecommunications company, IndiHome. Over 26M rows of data alleged to have been sourced from the company was posted to a popular hacking forum and contained 12.6M unique email addresses alongside names, IP addresses, genders and geographic locations. The most recent data was stamped as being recorded in November 2019.
Palestine Chronicle
October 31, 2019
•[ espionage, malware, technology ]
Unit 02616 of Uzbekistan's National Security Service used FinFisher, a German spyware, to attack dissidents. Among the targets is the Palestine Chronicle a regional news outlet that reports on the Uzbek government.
Fergana News
October 31, 2019
•[ espionage, malware, technology ]
Unit 02616 of Uzbekistan's National Security Service used FinFisher, a German spyware, to attack dissidents. Among the targets is Fergana News a regional news outlet that reports on the Uzbek government.
Maestro
October 28, 2019
•[ hack, technology ]
Russian group Sandworm carried out large-scale cyberattacks against targets in Georgia. The hackers disrupted Proservice a webhosting site, which led to the defacement of as many as 15,000 websites. Additionally, two TV broadcasters, Imedi TV and Maestro, were taken offline as well.
Undefined Turkish Telco Company
October 27, 2019
•[ hack, ddos, technology ]
Turkish officials confirm that cyberattacks which targeted Telekom and Garanti BBVA, among many others, were behind the nationwide disruption in internet traffic.
VikingVPN
October 20, 2019
•[ leak, misconfiguration, technology ]
OpenVPN keys and configuration files from VikingVPN are also leaked online.
NordVPN
October 20, 2019
•[ leak, misconfiguration, technology ]
NordVPN is compromised as the'private keys for their web site certificate'are publicly leaked on the Internet The company confirms the breach was discovered on March 2018.
TorGuard
October 20, 2019
•[ hack, technology ]
TorGuard also confirms to have suffered a breach in September 2017.
Web
October 16, 2019
•[ hack, technology ]
Web.com, the parent company of world's first domain registrar Network Solutions discloses a security breach occurred in August 2019. A third-party infiltrated some of the company's systems. Even Register.com is affected.
Data Enrichment Exposure From PDL Customer
October 16, 2019
•[ leak, misconfiguration, technology ]
In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data. The exposed data included an index indicating it was sourced from data enrichment company People Data Labs (PDL) and contained 622 million unique email addresses. The server was not owned by PDL and it's believed a customer failed to properly secure the database. Exposed information included email addresses, phone numbers, social media profiles and job history data.
TrialWorks
October 15, 2019
•[ ransomware, malware, technology ]
TrialWorks is reportedly hit by a ransomware attack, shutting down its platform for at least four days and locking some lawyers out of their case files.
Eurobet
October 14, 2019
•[ hack, ddos, technology ]
Eurobet, the online gambling portal, is taken down by a DDoS attack.
Pitney Bowes
October 14, 2019
•[ ransomware, malware, technology ]
Pitney Bowes is hit by a ransomware attack, according to a statement released from the mailing services company.
M6 Group (Groupe M6)
October 12, 2019
•[ ransomware, malware, technology ]
The M6 Group (Groupe M6), France's largest privately-owned multimedia group, is the victim of ransomware, but none of the company's TV and radio channels suffered any downtime.
Click2Mail
October 11, 2019
•[ hack, technology ]
Click2Mail sends out a notice to 200,000 customers to warn them of a hack discovered on October, 4th.
StarTribune
October 10, 2019
•[ hack, misconfiguration, technology ]
In October 2019, the Minnesota-based news service StarTribune suffered a data breach which was subsequently sold on the dark web. The breach exposed over 2 million unique email addresses alongside names, usernames, physical addresses, dates of birth, genders and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Beeline
October 7, 2019
•[ leak, technology ]
The data of 8.7 million customers from Russian internet service provider Beeline is being sold and shared online. The breach occurred in 2017.
Volusion
October 7, 2019
•[ hack, malware, technology ]
Hackers breach the infrastructure of Volusion, a provider of cloud-hosted online stores, and deliver malicious code that records and steals payment card details entered by users in online forms. More than 6,500 stores are impacted,
Zendesk
October 2, 2019
•[ hack, technology ]
Customer service software company Zendesk notifies a security incident, occurred in 2016, that might have impacted roughly 10,000 Zendesk Support and Chat accounts activated prior to November 1, 2016.
