AdGuard
September 21, 2018
•[ hack, brute-force, technology ]
AdGuard, a popular ad blocker for Android, iOS, Windows, and Mac, resets all user passwords after suffering a brute-force attack in which an unknown attacker tried to log into user accounts by guessing their passwords.
SaverSpy
September 18, 2018
•[ leak, misconfiguration, technology ]
In September 2018, security researcher Bob Diachenko discovered a massive collection of personal details exposed in an unprotected MongoDB instance. The data appears to have been used in marketing campaigns (possibly for spam purposes) but had little identifying data about it other than a description of "Yahoo_090618_ SaverSpy". The data set provided to HIBP had almost 2.5M unique email addresses (all of which were from Yahoo!) alongside names, genders and physical addresses.
DEOSGames
September 10, 2018
•[ financial, technology ]
Betting platform DEOSGames is drained of a significant chunk of its operating funds in a heist that netted one 'lucky' punter almost $24,000.
Color Dating
September 5, 2018
•[ hack, misconfiguration, technology ]
In September 2018, Color Dating, a dating app for matching people of different ethnicities, suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 220k unique email addresses along with bios, names, profile photos and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "ANK (Veles)".
Knuddels
September 5, 2018
•[ leak, misconfiguration, technology ]
In September 2018, the German social media website Knuddels suffered a data breach. The incident exposed 808k unique email addresses alongside usernames, real names, the city of the person and their password in plain text. Knuddels was subsequently fined 20k for the breach.
EscortReviews
September 1, 2018
•[ hack, misconfiguration, technology ]
An online community promoting female escorts and reviews of their services has suffered a data breach after a hacker downloaded the site's database. The site ran vBulletin 3.8.9, which has known vulnerabilities that could allow attackers to breach the site. It is unknown if the forum was hacked using one of these vulnerabilities or if the site left an unsecured backup of the database online.
Family Orbit
August 30, 2018
•[ hack, leak, misconfiguration ]
An anonymous hacker is able to find the key to the cloud servers of Family Orbit and leaks 281 Gb of pictures and videos.
TheTruthSpy
August 28, 2018
•[ hack, malware, technology ]
A hacker breaks into the servers of TheTruthSpy, one of the most notorious stalkerware companies out there, and steals logins, audio recordings, pictures, and text messages, among other data. The breach occurred in February 2018.
HTH Studios
August 24, 2018
•[ hack, technology ]
In August 2018, the adult furry interactive game creator HTH Studios suffered a data breach impacting multiple repositories of customer data. Several months later, the data surfaced on a popular hacking forum and included 411k unique email addresses along with physical and IP addresses, names, orders, salted SHA-1 and salted MD5 hashes. HTH Studios is aware of the incident.
T-Mobile
August 23, 2018
•[ hack, misconfiguration, technology ]
T-Mobile reveals that hackers stole some of the personal data of 2 million people in a new data breach. The intrusion took place on August 20 when hackers accessed company servers through an API that "didn't contain any financial data or other sensitive data."
Animoto
August 20, 2018
•[ hack, technology ]
Animoto, a cloud-based video maker service for social media sites, reveals a data breach. The breach occurred on July 10 but was confirmed by the company in early August, and later reported to the California attorney general. Names, dates of birth and user email addresses were accessed by the hackers, but the company said it wasn't known if data had been exfiltrated.
TelAlaska
August 16, 2018
•[ espionage, technology ]
A threat actor is targeting multiple organizations with trade ties to China, including those connected with China's Belt and Road Initiative. The actor also targets organizations in advance of officials' meetings with Chinese trade officials.
SpyFone
August 16, 2018
•[ leak, misconfiguration, technology ]
In August 2018, the spyware company SpyFone left terabytes of data publicly exposed. Collected surreptitiously whilst the targets were using their devices, the data included photos, audio recordings, text messages and browsing history which were then exposed via a number of misconfigurations within SpyFone's systems. The data belonged to thousands of SpyFone customers and included 44k unique email addresses, many likely belonging to people the targeted phones had contact with.
Mention
August 3, 2018
•[ leak, misconfiguration, technology ]
Mention CEO Matthieu Vaxelaire informs users of the occurrence of a data security breach involving a third-party provider. The breach occurred in July and Mention promptly reported details to the French data protection authorities.
Lanwar
July 28, 2018
•[ leak, misconfiguration, technology ]
In July 2018, staff of the Lanwar gaming site discovered a data breach they believe dates back to sometime over the previous several months. The data contained 45k names, email addresses, usernames and plain text passwords. A Lanwar staff member self-submitted the breach to HIBP and has also contacted the relevant authorities about the incident after identifying a phishing attempt to extort Bitcoin from a user.
League of Legends Philippines
July 15, 2018
•[ hack, malware, technology ]
League of Legends Philippines confirms an unauthorized modification in their client lobby code resulting in the injection of the Coinhive Monero miner.
Major international airport
July 11, 2018
•[ hack, misconfiguration, technology ]
While researching underground hacker marketplaces, researchers from McAfee discover that access linked to security and building automation systems of a major international airport could be bought for only US$10.
Animoto
July 10, 2018
•[ hack, technology ]
In July 2018, the cloud-based video making service Animoto suffered a data breach. The breach exposed 22 million unique email addresses alongside names, dates of birth, country of origin and salted password hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Blizzard Entertainment
July 7, 2018
•[ hack, ddos, technology ]
Blizzard Entertainment is hit by a DDoS attack. Players of Overwatch, Heroes of the Storm, and World of Warcraft are affected.
Stronghold Kingdoms
July 4, 2018
•[ leak, misconfiguration, technology ]
In July 2018, the massively multiplayer online game Stronghold Kingdoms suffered a data breach. Almost 5.2 million accounts were impacted by the incident, which exposed email addresses, usernames and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".