Swisscom
February 7, 2018
•[ leak, technology ]
Swisscom, the biggest telecom company in Switzerland, suffers a data breach that resulted in the compromise of personal data of some 800,000 customers, i.e., nearly ten percent of the entire Swiss population. The breach dates back to Autumn 2017.
Jobandtalent
February 1, 2018
•[ hack, technology ]
In approximately February 2018, the employment website Jobandtalent suffered a data breach which then appeared for sale alongside other breaches a year later. The incident impacted 11 million subscribers and exposed their names, email and IP addresses and passwords stored as salted SHA-1 hashes.
MyFitnessPal
February 1, 2018
•[ leak, misconfiguration, technology ]
In February 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".
PropTiger
January 30, 2018
•[ leak, misconfiguration, technology ]
In January 2018, the Indian property website PropTiger suffered a data breach which resulted in a 3.46GB database file being exposed and subsequently shared extensively on a popular hacking forum 2 years later. The exposed data contained both user records and login histories with over 2M unique customer email addresses. Exposed data also included additional personal attributes such as names, dates of birth, genders, IP addresses and passwords stored as MD5 hashes. PropTiger advised they believe the usability of the data is "limited" due to how certain data attributes were generated and stored. The data was provided to HIBP by dehashed.com.
JoomlArt
January 30, 2018
•[ leak, misconfiguration, technology ]
In January 2018, the Joomla template website JoomlArt inadvertently exposed more than 22k unique customer records in a Jira ticket. The exposed data was from iJoomla and JomSocial, both services that JoomlArt acquired the previous year. The data included usernames, email addresses, purchases and passwords stored as MD5 hashes. When contacted, JoomlArt advised they were aware of the incident and had previously notified impacted parties.
phpBB
January 26, 2018
•[ hack, malware, technology ]
An unknown attacker compromises download links for the phpBB forum software, according to a statement released today by the phpBB development team.
Bell Canada
January 23, 2018
•[ hack, technology ]
Police are investigating a new data breach at Bell Canada (the second in eight months), which says hackers have illegally obtained customer information, primarily subscriber names and e-mail addresses of up to 100,000 users.
David Clarke Jr. Twitter Account
January 22, 2018
•[ hack, phishing, technology ]
The Turkish Cyber Army hacking group strikes again and hijacks the Twitter account of vocal Donald Trump supporter and ex-Milwaukee County Sheriff David Clarke Jr.
Tv3.lt
January 18, 2018
•[ espionage, hack, technology ]
Ghostwriter, a suspected Belarus-backed hacking group, has compromised websites and email accounts in Latvia, Lithuania, and Poland'to publish fabricated documents pushing anti-North Atlantic Treaty Organization (NATO) narratives consistent with Kremlin talking points. The influence campaign started in 2017.
