IIMJobs
December 31, 2018
•[ hack, leak, misconfiguration ]
In December 2018, the Indian job portal IIMJobs suffered a data breach that exposed 4.1 million unique email addresses. The data also included names, phone numbers, geographic locations, dates of birth, job titles, job applications and cover letters plus passwords stored as unsalted MD5 hashes. The data was provided to HIBP by dehashed.com.
Dataresolution
December 29, 2018
•[ ransomware, malware, technology ]
Cloud hosting provider Dataresolution.net struggles to bring its systems back online after suffering a Ryuk ransomware infestation on Christmas Eve.
BannerBit
December 29, 2018
•[ leak, technology ]
In approximately December 2018, the online ad platform BannerBit suffered a data breach. Containing 213k unique email addresses and plain text passwords, the data was provided to HIBP by a third party. Multiple attempts were made to contact BannerBit, but no response was received.
Tribune Publishing's Southern California
December 27, 2018
•[ ransomware, malware, technology ]
A Ryuk ransomware attack is suspected of preventing production of several newspapers, including the Wall Street Journal and Los Angeles Times. The attack affected the systems at Tribune Publishing's Southern California printing plant.
OGUsers (2019 breach)
December 26, 2018
•[ hack, misconfiguration, technology ]
In May 2019, the account hijacking and SIM swapping forum OGusers suffered a data breach. The breach exposed a database backup from December 2018 which was published on a rival hacking forum. There were 161k unique email addresses spread across 113k forum users and other tables in the database. The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes.
Roll20
December 26, 2018
•[ hack, technology ]
In December 2018, the tabletop role-playing games website Roll20 suffered a data breach. Almost 4 million customers were impacted by the breach and had email and IP addresses, names, bcrypt hashes of passwords and the last 4 digits of credit cards exposed. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
The Wall Street Journal's website
December 17, 2018
•[ hack, misconfiguration, technology ]
The Wall Street Journal's website is defaced with a post containing a fake apology supporting YouTube megastar PewDiePie, previously accused of antisemitism by the same paper.
Mappery
December 11, 2018
•[ leak, misconfiguration, technology ]
In December 2018, the mapping website Mappery suffered a data breach that exposed over 205k unique email addresses. The incident also exposed usernames, the geographic location of the user and passwords stored as unsalted SHA-1 hashes. No response was received from Mappery when contacted about the incident.
Bombuj.eu
December 7, 2018
•[ leak, misconfiguration, technology ]
In December 2018, the Slovak website for watching movies online for free Bombuj.eu suffered a data breach. The incident exposed over 575k unique email addresses and passwords stored as unsalted MD5 hashes. No response was received from Bombuj.eu when contacted about the incident.
BeatStars
December 4, 2018
•[ hack, technology ]
BeatStars, a marketplace for selling music production beats, is mass-defaced.
Humble Bundle
December 4, 2018
•[ leak, technology ]
The gaming subscription site Humble Bundle informs its customers of a data breach that may have exposed a person's subscription status.
Ukraine Telecommunications Network
December 4, 2018
•[ espionage, hack, technology ]
The Security Service of Ukraine (SBU) reveals to have stopped a "massive" cyberattack against the country's telecommunications network, and blames the Kremlin for the attempted hack.
Chinese citizens
December 1, 2018
•[ ransomware, malware, technology ]
Over 100,000 computers in China are infected in just a few days by the 'WeChat Ransom' ransomware.
Dubsmash
December 1, 2018
•[ leak, misconfiguration, technology ]
In December 2018, the video messaging service Dubsmash suffered a data breach. The incident exposed 162 million unique email addresses alongside usernames and PBKDF2 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".
Robert Ross
November 23, 2018
•[ hack, social, technology ]
In his latest SIM swap hack, Nicholas Truglia steals $1M worth in crypto currencies from Robert Ross, a Silicon Valley executive.
High Tail Hall
November 21, 2018
•[ hack, technology ]
The website of High Tail Hall, an adult video game is hacked, with the information of nearly half a million subscribers stolen. The breach occurred back in August.
OSIsoft LLC
November 16, 2018
•[ hack, technology ]
OSIsoft LLC discloses a security breach which affected its employees, consultants, interns, and contractors. The credential theft involves 29 computers and 135 accounts.
Daniel's Hosting
November 15, 2018
•[ hack, technology ]
Hackers compromise Daniel's Hosting, one of the largest Dark Web hosting provider, and deleted 6,500+ sites.
Media Prima Bhd
November 8, 2018
•[ ransomware, malware, technology ]
Media Prima Bhd is hit by a ransomware attack and asked to pay a ransom of 1,000 bitcoins.
Mobile World
November 7, 2018
•[ hack, leak, financial ]
A hacker dubbed Erwincho leaks a file containing more than 5.4 million email addresses and 31,000 bank card numbers (six digits covered), claiming they belong to clients of Mobile World.
