Megacable
November 6, 2018
•[ hack, technology ]
Megacable notifies its users of a cyber attack.
Telcotech
November 5, 2018
•[ hack, ddos, technology ]
Several of Cambodia's biggest internet service providers (EZECOM, SINET, Telcotech, and Digi) are hit by large-scale DDoS attacks.
News site associated with the Internet Research Agency (IRA)
November 5, 2018
•[ hack, malware, technology ]
The Washington Post reveals that a cyber-attack by a US security agency against Russia's infamous troll factory (Internet Research Agency) has resulted in a destroyed server RAID controller and formatted hard drives.
Adapt
November 5, 2018
•[ leak, misconfiguration, technology ]
In November 2018, security researcher Bob Diachenko identified an unprotected database hosted by data aggregator "Adapt". A provider of "Fresh Quality Contacts", the service exposed over 9.3M unique records of individuals and employer information including their names, employers, job titles, contact information and data relating to the employer including organisation description, size and revenue. No response was received from Adapt when contacted.
WPSandbox
November 4, 2018
•[ leak, phishing, technology ]
In November 2018, the WordPress sandboxing service that allows people to create temporary websites WP Sandbox discovered their service was being used to host a phishing site attempting to collect Microsoft OneDrive accounts. After identifying the malicious site, WP Sandbox took it offline, contacted the 858 people who provided information to it then self-submitted their addresses to HIBP. The phishing page requested both email addresses and passwords.
ASI Computer Systems
November 2, 2018
•[ hack, technology ]
ASI Computer Systems notifies some of their customers after discovering that usernames and passwords on a support web site had been hacked prior to December 2016.
Internet Solutions
October 23, 2018
•[ hack, misconfiguration, technology ]
Internet Solutions (IS) sends a notice to clients to warn them about a breach, and urges them to change their passwords and take additional steps to secure their servers. Later the company confirms that its internal monitoring systems have detected "irregular activity" on some of its virtual services.
Facepunch
October 17, 2018
•[ leak, technology ]
As reported by Troy Hunt's Have I Been Pwned breach notification service, the Facepunch game studio was the victim of a data breach in June 2016 which led to sensitive information of 396,650 users being exposed.
Vesta Control Panel (VestaCP)
October 17, 2018
•[ hack, malware, technology ]
Vesta Control Panel, the provider of an open-source hosting panel software reveals a security breach during which an unknown hacker contaminated the project's source code with malware. The malicious code was added on May 31, this year, and later removed two weeks later, on June 13.
Eatigo
October 16, 2018
•[ leak, misconfiguration, technology ]
In October 2018, the restaurant reservation service Eatigo suffered a data breach that exposed 2.8 million accounts. The data included email addresses, names, phone numbers, social media profiles, genders and passwords stored as unsalted MD5 hashes.
Assassin's Creed Odyssey
October 5, 2018
•[ hack, ddos, technology ]
Ubisoft's Assassin's Creed Odyssey's launch is disrupted by a DDoS attack on the day of its release.
Hetzner South Africa
October 5, 2018
•[ hack, technology ]
The South African branch of Hetzner, a well-known web hosting provider, suffers a new security breach. The attacker manages to gain access to customer details.
You've Been Scraped
October 5, 2018
•[ leak, misconfiguration, technology ]
In October and November 2018, security researcher Bob Diachenko identified several unprotected MongoDB instances believed to be hosted by a data aggregator. Containing a total of over 66M records, the owner of the data couldn't be identified but it is believed to have been scraped from LinkedIn hence the title "You've Been Scraped". The exposed records included names, both work and personal email addresses, job titles and links to the individuals' LinkedIn profiles.
Square Enix
October 4, 2018
•[ hack, ddos, technology ]
The same day Square Enix also announces to be fighting off a DDoS attack aimed towards its popular game, Final Fantasy XIV.
Managed Service Providers
October 3, 2018
•[ hack, malware, technology ]
The US Department of Homeland Security issues an alert about "ongoing" cyber-attacks against managed service providers, indirectly attributed to APT10.
Apollo
October 1, 2018
•[ hack, technology ]
Apollo, a sales engagement startup boasting a database of more than 200 million contact records, is hacked and sends an email to its affected customers.
Virat Kohli's official website
September 29, 2018
•[ hack, technology ]
Following the defeat of the Bangladeshi cricket team against India at the 2018 Asia Cup final, a group of Bangladeshi hackers defaces Virat Kohli's official website (the current captain of India's team) to protest against an 'unfair decision' during the match.
Facebook
September 27, 2018
•[ hack, misconfiguration, technology ]
Facebook says a breach affected 50 million people on the social network. The vulnerability stemmed from the "view as" feature, which lets people see what their profiles look like to others. Attackers exploited code associated with the feature that allowed them to steal "access tokens" that could be used to take over people's accounts.
NewsNow
September 25, 2018
•[ hack, technology ]
Online news aggregation service NewsNow admits that it has suffered a security breach and an encrypted version of the passwords may have been accessed.
DoorDash
September 25, 2018
•[ hack, brute-force, technology ]
Food delivery startup DoorDash receives dozens of complaints from customers who say their accounts have been hacked. The users are the target of a credential stuffing attack.
