Dueling Network
March 29, 2017
•[ hack, misconfiguration, technology ]
In March 2017, Dueling Network, the Flash game based on the Yu-Gi-Oh trading card game, suffered a data breach. The site itself was taken offline in 2016 due to a cease-and-desist order, but the forum remained online for another year. The data breach exposed usernames, IP and email addresses, and passwords stored as MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "burger vault".
Bill Marczak
March 29, 2017
•[ espionage, malware, technology ]
A threat actor targeted Ethiopian dissidents for the purpose of espionage, using commercially available spyware sold by Cyberbit, an Israel-based company. Most notably, the actor targeted the Oromia Media Network and some individuals associated with it.
Appartoo
March 25, 2017
•[ leak, technology ]
In March 2017, the French flatsharing site known as Appartoo suffered a data breach. The incident exposed an extensive amount of personal information on almost 50k members including email addresses, genders, ages, private messages sent between users of the service and passwords stored as SHA-256 hashes. Appartoo advised that all subscribers were notified of the incident in early 2017.
Wind Tre
March 20, 2017
•[ hack, technology ]
Italy's data protection authority, Garante Privacy, has ordered Wind Tre to write to customers to notify them of a data breach following a cyber attack that occurred on 20 March.
Dun & Bradstreet
March 15, 2017
•[ leak, misconfiguration, technology ]
A 52GB Dun & Bradstreet database is exposed, containing about 33.6 million records with very specific details about each of the people involved, from job title to email address.
Wishbone App
March 15, 2017
•[ hack, technology ]
Hackers steal 2.2 million email addresses and 287,000 cellphone numbers from users of the popular teen quiz app Wishbone, many of whom are young women under the age of 18.
Advertisement board in Mexico City
March 4, 2017
•[ hack, technology ]
A digital advertisement board owned by Grupo Carteleras, located on a busy road in Mexico City, is hacked on Friday and displays a pornographic video for a few minutes.
Radio Station WZZY-FM
March 2, 2017
•[ hack, technology ]
Radio station WZZY-FM falls victim to a prank when hackers access its computer systems and begin broadcasting fake news alerts of a zombie attack, along with a disease outbreak caused by the resulting carnage.
Aptos
March 1, 2017
•[ financial, malware, technology ]
Shoppers at 40 online stores have had their bank card numbers and addresses stolen by a malware infection at backend provider Aptos late last year.
Apple
February 23, 2017
•[ hack, malware, technology ]
A mid-2016 security incident led to Apple purging its data centers of servers built by Supermicro, including returning recently purchased systems, after malware-infected firmware was reportedly detected in an internal development environment of Apple's technical infrastructure, which powers its web-based services and holds customer data.
Retina-X
February 23, 2017
•[ hack, misconfiguration, technology ]
In February 2017, the mobile device monitoring software developer Retina-X was hacked and customer data downloaded before being wiped from their servers. The incident was covered in the Motherboard article titled "Inside the 'Stalkerware' Surveillance Market, Where Ordinary People Tap Each Other's Phones". The service, used to monitor mobile devices, had 71k email addresses and MD5 hashes with no salt exposed. Retina-X disclosed the incident in a blog post on April 27, 2017.
Yahoo!
February 15, 2017
•[ espionage, misconfiguration, technology ]
Yahoo sends out another round of notifications to users, warning some that their accounts may have been breached as recently as last year. The accounts were affected by a flaw in Yahoo's mail service that allowed an attacker, most likely a "state actor", according to Yahoo, to use a forged cookie created by software stolen from within Yahoo's internal systems to gain access to accounts without a password.
FunPlus
February 14, 2017
•[ hack, technology ]
An unknown hacker steals user account information (3.3 million records) and alleged product source code from FunPlus, the company that makes the highly popular free-to-play mobile game Family Farm Seaside.
FileSilo
February 8, 2017
•[ hack, misconfiguration, technology ]
UK magazine publisher Future's FileSilo website (FileSilo.co.uk) is raided by hackers, who make off with, among other information, unencrypted user account passwords.
UPI
February 8, 2017
•[ hack, technology ]
zerodark70 sells a database supposedly containing 83,000 compromised accounts from UPI.com, the website of the 110-year-old American news agency United Press International.
Freedom Hosting II
February 3, 2017
•[ leak, technology ]
Anonymous takes down Freedom Hosting II, the largest repository of dark web sites. The hackers are able to steal 75 GB worth of files and 2.6 GB of databases.
Freedom Hosting II
January 31, 2017
•[ hack, misconfiguration, technology ]
In January 2017, the free hidden service host Freedom Hosting II suffered a data breach. The attack allegedly took down 20% of dark web sites running behind Tor hidden services, with the attacker claiming that of the 10,613 impacted sites, more than 50% of the content was child pornography. The hack led to the exposure of MySQL databases for the sites, which included a vast amount of information on the hidden services Freedom Hosting II was managing. The impacted data classes far exceed those listed for the breach and differ between the thousands of impacted sites.
Sunny 107.9 WFBS-LPFM
January 31, 2017
•[ hack, misconfiguration, technology ]
Another station is hijacked to play the "F*** Donald Trump" song.
CD Projekt Red
January 31, 2017
•[ hack, technology ]
CD Projekt Red, the Poland-based developer behind the popular 'Witcher' game and comic series, is hit with a forum hack that compromised over 1.8 million user credentials. The hack allegedly took place in March of last year.
AlphaBay
January 26, 2017
•[ leak, misconfiguration, technology ]
About 218,000 unencrypted private messages posted to the AlphaBay dark web marketplace are accessed and released to the public.