Whitbread
July 2, 2018
•[ hack, technology ]
Whitbread's online recruitment system has suffered a data breach, affecting a number of the company's brands including Premier Inn, and the UK outlets of Costa Coffee. The breach is a consequence of the attack to PageUp.
Klook Travel
June 29, 2018
•[ hack, malware, technology ]
Klook Travel informs its users about a data breach incident it suffered. The attackers exploited a malicious JS code associated with SOCIAPlus, a third-party tool integrated on the site.
Typeform
June 29, 2018
•[ leak, misconfiguration, technology ]
Barcelona-based online survey and form building service Typeform announces a data breach after an unknown attacker downloaded a backup file containing sensitive customer information. The backup file contained data gathered by Typeform customers through surveys and online forms up until May 3, 2018.
GitHub account of the Gentoo Linux distribution
June 28, 2018
•[ hack, malware, technology ]
An unknown hacker temporarily takes control over the GitHub account of the Gentoo Linux organization and embed malicious code inside the operating system's distributions that would delete user files. The malicious code fails to trigger properly and users' remain safe.
Cyanweb Solutions
June 27, 2018
•[ hack, technology ]
Digital marketing and web provider Cyanweb Solutions loses nearly all customer data and backups after a "criminal hacking incident" that compromises one of its servers.
FastBooking
June 26, 2018
•[ financial, technology ]
The personal details and payment card data of guests from hundreds of hotels, are stolen by an unknown attacker from FastBooking, a Paris-based company that sells hotel booking software to more than 4,000 hotels in 100 countries. The breach occurred on June 14.
Light's Hope
June 25, 2018
•[ hack, technology ]
In June 2018, the World of Warcraft service Light's Hope suffered a data breach which they subsequently self-submitted to HIBP. Over 30K unique users were impacted and their exposed data included email addresses, dates of birth, private messages and passwords stored as bcrypt hashes.
Flightradar24
June 18, 2018
•[ leak, technology ]
Users of the popular flight-tracking site Flightradar24 are told to change their passwords after the site warns of a data breach. The breach may have compromised the email addresses and hashed passwords for a small subset of Flightradar24 users (those who registered prior to March 16, 2016).
PageUp
June 6, 2018
•[ leak, misconfiguration, technology ]
Australia-based human resources firm PageUp confirms it found "unusual" activity on its IT infrastructure on May 23, which has resulted in the potential compromise of client data.
Avery Moss
June 4, 2018
•[ hack, social, technology ]
Explicit videos and pictures of New York Giants defensive end Avery Moss are posted on his Twitter timeline after his account is hacked.
Exactis
June 1, 2018
•[ leak, misconfiguration, technology ]
In June 2018, the marketing firm Exactis inadvertently publicly leaked 340 million records of personal data. Security researcher Vinny Troia of Night Lion Security discovered the leak contained multiple terabytes of personal information spread across hundreds of separate fields including addresses, phone numbers, family structures and extensive profiling data. The data was collected as part of Exactis' service as a "compiler and aggregator of premium business & consumer data" which they then sell for profiling and marketing purposes. A small subset of the exposed fields were provided to Have I Been Pwned and contained 132 million unique email addresses.
Adult-FanFiction.Org
May 30, 2018
•[ leak, misconfiguration, technology ]
In May 2018, the website for sharing adult-orientated works of fiction known as Adult-FanFiction.Org had 186k records exposed in a data breach. The data contained names, email addresses, dates of birth and passwords stored as both MD5 hashes and plain text. AFF did not respond when contacted about the breach and the site was previously reported as compromised on the Vigilante.pw breached database directory.
Manuel Delia's Blog
May 20, 2018
•[ hack, ddos, technology ]
Manuel Delia's blog (a Maltese journalist and blogger) is the target of a DDoS attack. Apparently the attack comes from Ukraine.
Corporation Service Company (CSC)
May 17, 2018
•[ hack, technology ]
Hackers steal the personally identifiable information of 5,678 customers of the Corporation Service Company (CSC), according to a notice the company sent to the California attorney general's office.
K9 Web Protection
May 4, 2018
•[ hack, technology ]
Hackers from the collective AnonPlus, a splinter cell of Anonymous, deface the website of K9 Web Protection (belonging to Symantec).
24TV Turk Telekom
May 3, 2018
•[ hack, ddos, technology ]
As a retaliation for the attacks of the Turkish collective Akincilar, Greek hackers from Anonymous paralyze the 24TV Live website for several hours. They also claim to have hacked 12,987 routers of Turk Telekom.
Linux Forums
May 1, 2018
•[ leak, misconfiguration, technology ]
In May 2018, the Linux Forums website suffered a data breach which resulted in the disclosure of 276k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes. Linux Forums did not respond to multiple attempts to contact them about the breach.
Creative
May 1, 2018
•[ hack, misconfiguration, technology ]
In May 2018, the forum for Singaporean hardware company Creative Technology suffered a data breach which resulted in the disclosure of 483k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes. After being notified of the incident, Creative permanently shut down the forum.
Funny Games
April 28, 2018
•[ leak, misconfiguration, technology ]
In April 2018, the online entertainment site Funny Games suffered a data breach that disclosed 764k records including usernames, email and IP addresses and salted MD5 password hashes. The incident was disclosed to Funny Games in July who acknowledged the breach and identified it had been caused by legacy code no longer in use. The record count in the breach constitute approximately half of the user base.
ilgiornale
April 22, 2018
•[ hack, technology ]
Hackers from AnonPlus deface ilgiornale.it, one of the main newspapers in Italy, with a fake news about Mr. Silvio Berlusconi in jail.
