HoundDawgs
December 30, 2017
•[ hack, technology ]
In December 2017, the Danish torrent tracker known as HoundDawgs suffered a data breach. More than 55GB of data was dumped publicly and whilst there was initially contention as to the severity of the incident, the data did indeed contain more than 45k unique email addresses complete extensive logs of torrenting activity, IP addresses and SHA1 passwords.
Lyrics Mania
December 21, 2017
•[ leak, misconfiguration, technology ]
In December 2017, the song lyrics website known as Lyrics Mania suffered a data breach. The data in the breach included 109k usernames, email addresses and plain text passwords. Numerous attempts were made to contact Lyrics Mania about the incident, however no responses were received.
Anderson Cooper's Twitter account (@andersoncooper)
December 13, 2017
•[ hack, technology ]
CNN says Anderson Cooper's Twitter account was hacked after a since-removed tweet from his handle called the president a "tool" and a "pathetic loser" following Democrat Doug Jones win in Alabama's Senate election.
Pinterest
December 11, 2017
•[ hack, brute-force, technology ]
Pinterest notifies users of suspicious activity due to attackers trying to compromise accounts using 'credential stuffing' (credentials obtained from other breaches).
Oromia Media Network
December 6, 2017
•[ espionage, malware, technology ]
A threat actor targeted Ethiopian dissidents for the purpose of espionage, using commercially available spyware sold by Cyberbit, an Israel-based company. Most notably, the actor targeted the Oromia Media Network and some individuals associated with it.
ai.type
December 5, 2017
•[ leak, misconfiguration, technology ]
In December 2017, the virtual keyboard application ai.type was found to have left a huge amount of data publicly facing in an unsecured MongoDB instance. Discovered by researchers at The Kromtech Security Center, the 577GB data set included extensive personal information including over 20 million unique email addresses, social media profiles and address book contacts. The email addresses alone were provided to HIBP to enable impacted users to assess their exposure.
Imgur
November 23, 2017
•[ leak, technology ]
Imgur is notified of a potential security breach that occurred in 2014 and affected the email addresses and passwords of 1.7 million user accounts.
Uber
November 21, 2017
•[ hack, ransomware, technology ]
Bloomberg reveals that hackers stole the personal data of 57 million customers and drivers from Uber, a massive breach that the company concealed for more than a year, after paying $100,000 to the attackers.
Algerie Telecom
November 17, 2017
•[ hack, ddos, technology ]
The Algerian state telecom operator Algerie Telecom is hit by a prolonged DDoS attack.
Crunchyroll
November 4, 2017
•[ hack, malware, technology ]
Crunchyroll.com is the victim of a DNS hijack attack, so the visitors are redirected to a malicious website designed to infect them with malware.
Hetzner
November 1, 2017
•[ hack, misconfiguration, technology ]
A key database operated by large South African data centre operator and website hosting service provider Hetzner is compromised, and the company advises clients to change their passwords immediately. Compromised data includes customer and bank account details.
blog
October 26, 2017
•[ hack, misconfiguration, technology ]
Two hackers going by the online handle of "n3tr1x" and "str0ng" deface the official blog (blog.jquery.com) of jQuery.
Basetools.ws
October 24, 2017
•[ ransomware, technology ]
A hacker dubbed Mat AKA @0xScripts breaches Basetools.ws, an underground forum and demands a $50K ransom to avoid sharing stolen data with law enforcement.
Coinhive
October 23, 2017
•[ hack, malware, technology ]
The DNS records for coinhive.com are manipulated to redirect requests for the coinhive.min.js to a third party server hosting a modified version of the JavaScript file with a hardcoded site key and letting the attacker "steal" hashes from users.
Telitec
October 21, 2017
•[ hack, ddos, technology ]
In name of #OpCatalunya the Anonymous take down several Spanish including the Constitutional Court.
Microsoft
October 17, 2017
•[ hack, technology ]
According to five former employees, Microsoft Corp's secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago.
We Heart It
October 16, 2017
•[ leak, technology ]
We Heart It, an image-sharing site, informs users their personal data may have been compromised. The breach, involving 8 million users, took place a few years ago and includes email addresses, usernames and encrypted passwords for We Heart It accounts created between 2008 and November 2013.
Politifact
October 13, 2017
•[ hack, malware, technology ]
Politifact, the Pulitzer Prize-winning website devoted to checking the factual accuracy of US politicians' words, appears to have been hacked so that it secretly mines cryptocurrency in visitors' browsers via CoinHive.
Forrester Research
October 6, 2017
•[ hack, misconfiguration, technology ]
Forrester, one of the world's leading market research and investment advisory firms, admits that a security breach took place during the past week. An unidentified attacker (or attackers) has gained access to the infrastructure hosting its website stealing site credentials and proprietary research.
Disqus
October 6, 2017
•[ hack, technology ]
Disqus confirms a data breach that appears to have taken place in the summer of 2012, and during which an unknown attacker(s) made off with details for at least 17.5 million user accounts.
