DaFont
May 16, 2017
•[ hack, sqlinjection, technology ]
In May 2017, font sharing site DaFont suffered a data breach resulting in the exposure of 637k records. Allegedly due to a SQL injection vulnerability exploited by multiple parties, the exposed data included usernames, email addresses and passwords stored as MD5 without a salt.
Reincubate
May 11, 2017
•[ leak, misconfiguration, technology ]
In October 2020, the app data company Reincubate suffered a data breach which exposed a backup from November 2017 (the newest record in the data appeared several months earlier). The data included over 616k unique email addresses, names and passwords stored as PBKDF2 hashes.
Cedexis
May 10, 2017
•[ hack, ddos, technology ]
A DDos attack against Cedexis knocks out several major French news websites including Le Monde and Le Figaro.
German O2-Telefonica users
May 3, 2017
•[ financial, ss7, technology ]
O2-Telefonica in Germany confirms to S ddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7.
HandBrake
May 2, 2017
•[ hack, malware, technology ]
The popular DVD-ripping HandBrake app, is hacked to install a new variant of the Proton malware.
Gannett Co.
May 2, 2017
•[ social, phishing, technology ]
A phishing email attack potentially compromises the accounts of as many as 18,000 current and former employees of media company Gannett Co.
Netflix
April 28, 2017
•[ ransomware, misconfiguration, technology ]
TheDarkOverlord leaks upcoming episode of Orange is the New Black after Netflix doesn't pay extortion demand. The hack happened via a "production vendor".
Ciphr
April 26, 2017
•[ leak, technology ]
Customer data from encrypted phone company Ciphr is dumped online.
Fashion Fantasy Game
April 20, 2017
•[ leak, technology ]
A 2016 data breach leaves Fashion Fantasy Game, an online game and social network for fashion lovers, with millions of user account credentials being leaked on the web.
Youku
April 12, 2017
•[ leak, technology ]
A dark web vendor going by the handle of CosmicDark sells a database containing 100,759,591 user accounts stolen from of Youku Inc., a popular video service in China.
Melbourne IT
April 12, 2017
•[ hack, ddos, technology ]
Australian ISP Melbourne IT confirms that it was hit by "a large DDoS attack" that disrupted its web hosting.
Sierra Tel
April 10, 2017
•[ hack, malware, technology ]
The Bricker Bot takes down the Zyxel HN-51 Modem belonging to Sierra Tel, a Californian ISP.
Anonymous
April 5, 2017
•[ espionage, technology ]
Anonymous members who want to participate in this year's annual #OpIsrael cyber-attacks are the targets of an intelligence gathering operation carried out by an unknown threat actor.
New York Post
April 1, 2017
•[ hack, technology ]
The New York Post issues an apology after its app is hacked in an April Fool's Day prank and sends out a flurry of bizarre news alerts including one that read, "Heil President Donald Trump".
Bill Marczak
March 29, 2017
•[ espionage, malware, technology ]
A threat actor targeted Ethiopian dissidents for the purpose of espionage, using commercially available spyware sold by Cyberbit, an Israel-based company. Most notably, the actor targeted the Oromia Media Network and some individuals associated with it.
Dueling Network
March 29, 2017
•[ hack, misconfiguration, technology ]
In March 2017, the Flash game based on the Yu-Gi-Oh trading card game Dueling Network suffered a data breach. The site itself was taken offline in 2016 due to a cease-and-desist order but the forum remained online for another year. The data breach exposed usernames, IP and email addresses and passwords stored as MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "burger vault".
Appartoo
March 25, 2017
•[ leak, technology ]
In March 2017, the French Flatsharing site known as Appartoo suffered a data breach. The incident exposed an extensive amount of personal information on almost 50k members including email addresses, genders, ages, private messages sent between users of the service and passwords stored as SHA-256 hashes. Appartoo advised that all subscribers were notified of the incident in early 2017.
Wind Tre
March 20, 2017
•[ hack, technology ]
Italy's data protection authority, Garante Privacy, has ordered Wind Tre to write to customers to notify them of a data breach following a cyber attack that occurred on 20 March.
Dun & Bradstreet
March 15, 2017
•[ leak, misconfiguration, technology ]
A Dun & Bradstreet 52GB database containing about 33.6 million records with very specific details about each of the people involved from job title to email address is exposed.
