PetFlow – 990,919 breached accounts
In December 2017, the pet care delivery service PetFlow suffered a data breach which consequently appeared for sale on a dark web marketplace. Almost 1M accounts were impacted and exposed email addresses and passwords stored as unsalted MD5 hashes....
Artsy – 1,079,970 breached accounts
In April 2018, the online arts database Artsy suffered a data breach which consequently appeared for sale on a dark web marketplace. Over 1M accounts were impacted and included IP and email addresses, names and passwords stored as salted...
Lifebear – 3,670,561 breached accounts
In early 2019, the Japanese schedule app Lifebear appeared for sale on a dark web marketplace amongst a raft of other hacked websites. The breach exposed almost 3.7M unique email addresses, usernames and passwords stored as salted MD5 hashes....
Nulled.ch – 43,491 breached accounts
In May 2020, the hacking forum Nulled.ch was breached and the data published to a rival hacking forum. Over 43k records were compromised and included IP and email addresses, usernames and passwords stored as salted MD5 hashes alongside the...
db8151dd – 22,802,117 breached accounts
In February 2020, a massive trove of personal information referred to as "db8151dd" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. The exposed data could not be attributed to an owner and...
Ulmon – 777,769 breached accounts
In January 2020, the travel app creator Ulmon suffered a data breach. The service had almost 1.3M records with 777k unique email addresses, names, passwords stored as bcrypt hashes and in some cases, social media profile IDs, telephone numbers...
Elanic – 2,325,283 breached accounts
In January 2020, the Indian fashion marketplace Elanic had 2.8M records with 2.3M unique email addresses posted publicly to a popular hacking forum. Elanic confirmed that they had "verified the data and it was pulled from one of our...
TaiLieu – 7,327,477 breached accounts
In November 2019, the Vietnamese education website TaiLieu allegedly suffered a data breach exposing 7.3M customer records. Impacted data included names and usernames, email addresses, dates of birth, genders and passwords stored as unsalted MD5 hashes. The data was...
Tokopedia – 12,115,583 breached accounts
In April 2020, Indonesia's largest online store Tokopedia suffered a data breach. The incident resulted in 15M rows of data (allegedly a subset of the complete breach) being posted to a popular hacking forum. The data included over 12M...
Vianet – 94,353 breached accounts
In April 2020, the Nepalese internet service provider Vianet suffered a data breach. The attack on the ISP led to the exposure of 177k customer records including 94k unique email addresses. Also exposed were names, phone numbers and physical...
Aptoide – 20,012,235 breached accounts
In April 2020, the independent Android app store Aptoide suffered a data breach. The incident resulted in the exposure of 20M customer records which were subsequently shared online via a popular hacking forum. Impacted data included email and IP...
HTC Mania – 1,488,089 breached accounts
In January 2020, the Spanish mobile phone forum HTC Mania suffered a data breach of the vBulletin based site. The incident exposed 1.5M member email addresses, usernames, IP addresses, dates of birth and salted MD5 password hashes and password...
OGUsers (2020 breach) – 263,189 breached accounts
In April 2020, the account hijacking and SIM swapping forum OGUsers suffered their second data breach in less than a year. As with the previous breach, the exposed data included email and IP addresses, usernames, private messages and passwords...
Dueling Network – 5,473,883 breached accounts
In March 2017, the Flash game based on the Yu-Gi-Oh trading card game Dueling Network suffered a data breach. The site itself was taken offline in 2016 due to a cease-and-desist order but the forum remained online for another...
Tamodo – 494,945 breached accounts
In February 2020, the affiliate marketing network Tamodo suffered a data breach which was subsequently shared on a popular hacking forum. The incident exposed almost 500k accounts including names, email addresses, dates of birth and passwords stored as bcrypt...
New iOS Jailbreak Tool Works on iPhone Models iOS 11 to iOS 13.5
Latest version of UnC0ver uses unpatched zero-day exploit to take complete control of devices, even those running iOS 13.5.
Vulnerabilities Found in Emerson SCADA Product Made for Oil and Gas Industry
A researcher from Kaspersky has identified several vulnerabilities in Emerson OpenEnterprise, a supervisory control and data acquisition (SCADA) solution designed for the oil and gas industry.
read more
Bluetooth Vulnerability: BIAS
This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device:
Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication...
Updated AnarchyGrabber Steals Passwords, Spreads to Discord Friends
Researchers found an updated version of AnarchyGrabber that steals victims’ plaintext passwords for and infects victims’ friends on Discord. Detected as AnarchyGrabber3, the new trojan variant modified the Discord client’s %AppData%Discordmodulesdiscord_desktop_coreindex.js file upon successful installation. This process gave the...
Forescout files lawsuit against Advent for withdrawal of merger plans due to COVID-19
Advent says the pandemic has resulted in “material” changes at Forescout. The company disagrees.
