Tuesday, May 26, 2020
Have I Been Pwned

PetFlow – 990,919 breached accounts

In December 2017, the pet care delivery service PetFlow suffered a data breach which consequently appeared for sale on a dark web marketplace. Almost 1M accounts were impacted and exposed email addresses and passwords stored as unsalted MD5 hashes....
Have I Been Pwned

Artsy – 1,079,970 breached accounts

In April 2018, the online arts database Artsy suffered a data breach which consequently appeared for sale on a dark web marketplace. Over 1M accounts were impacted and included IP and email addresses, names and passwords stored as salted...
Have I Been Pwned

Lifebear – 3,670,561 breached accounts

In early 2019, the Japanese schedule app Lifebear appeared for sale on a dark web marketplace amongst a raft of other hacked websites. The breach exposed almost 3.7M unique email addresses, usernames and passwords stored as salted MD5 hashes....
Have I Been Pwned

Nulled.ch – 43,491 breached accounts

In May 2020, the hacking forum Nulled.ch was breached and the data published to a rival hacking forum. Over 43k records were compromised and included IP and email addresses, usernames and passwords stored as salted MD5 hashes alongside the...
Have I Been Pwned

db8151dd – 22,802,117 breached accounts

In February 2020, a massive trove of personal information referred to as "db8151dd" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. The exposed data could not be attributed to an owner and...
Have I Been Pwned

Ulmon – 777,769 breached accounts

In January 2020, the travel app creator Ulmon suffered a data breach. The service had almost 1.3M records with 777k unique email addresses, names, passwords stored as bcrypt hashes and in some cases, social media profile IDs, telephone numbers...
Have I Been Pwned

Elanic – 2,325,283 breached accounts

In January 2020, the Indian fashion marketplace Elanic had 2.8M records with 2.3M unique email addresses posted publicly to a popular hacking forum. Elanic confirmed that they had "verified the data and it was pulled from one of our...
Have I Been Pwned

TaiLieu – 7,327,477 breached accounts

In November 2019, the Vietnamese education website TaiLieu allegedly suffered a data breach exposing 7.3M customer records. Impacted data included names and usernames, email addresses, dates of birth, genders and passwords stored as unsalted MD5 hashes. The data was...
Have I Been Pwned

Tokopedia – 12,115,583 breached accounts

In April 2020, Indonesia's largest online store Tokopedia suffered a data breach. The incident resulted in 15M rows of data (allegedly a subset of the complete breach) being posted to a popular hacking forum. The data included over 12M...
Have I Been Pwned

Vianet – 94,353 breached accounts

In April 2020, the Nepalese internet service provider Vianet suffered a data breach. The attack on the ISP led to the exposure of 177k customer records including 94k unique email addresses. Also exposed were names, phone numbers and physical...
Have I Been Pwned

Aptoide – 20,012,235 breached accounts

In April 2020, the independent Android app store Aptoide suffered a data breach. The incident resulted in the exposure of 20M customer records which were subsequently shared online via a popular hacking forum. Impacted data included email and IP...
Have I Been Pwned

HTC Mania – 1,488,089 breached accounts

In January 2020, the Spanish mobile phone forum HTC Mania suffered a data breach of the vBulletin based site. The incident exposed 1.5M member email addresses, usernames, IP addresses, dates of birth and salted MD5 password hashes and password...
Have I Been Pwned

OGUsers (2020 breach) – 263,189 breached accounts

In April 2020, the account hijacking and SIM swapping forum OGUsers suffered their second data breach in less than a year. As with the previous breach, the exposed data included email and IP addresses, usernames, private messages and passwords...
Have I Been Pwned

Dueling Network – 5,473,883 breached accounts

In March 2017, the Flash game based on the Yu-Gi-Oh trading card game Dueling Network suffered a data breach. The site itself was taken offline in 2016 due to a cease-and-desist order but the forum remained online for another...
Have I Been Pwned

Tamodo – 494,945 breached accounts

In February 2020, the affiliate marketing network Tamodo suffered a data breach which was subsequently shared on a popular hacking forum. The incident exposed almost 500k accounts including names, email addresses, dates of birth and passwords stored as bcrypt...

New iOS Jailbreak Tool Works on iPhone Models iOS 11 to iOS 13.5

Latest version of UnC0ver uses unpatched zero-day exploit to take complete control of devices, even those running iOS 13.5.
SecurityWeek

Vulnerabilities Found in Emerson SCADA Product Made for Oil and Gas Industry

A researcher from Kaspersky has identified several vulnerabilities in Emerson OpenEnterprise, a supervisory control and data acquisition (SCADA) solution designed for the oil and gas industry. read more
Bruce Schneier

Bluetooth Vulnerability: BIAS

This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication...
Tripwire

Updated AnarchyGrabber Steals Passwords, Spreads to Discord Friends

Researchers found an updated version of AnarchyGrabber that steals victims’ plaintext passwords for and infects victims’ friends on Discord. Detected as AnarchyGrabber3, the new trojan variant modified the Discord client’s %AppData%Discordmodulesdiscord_desktop_coreindex.js file upon successful installation. This process gave the...
ZDNet

Forescout files lawsuit against Advent for withdrawal of merger plans due to COVID-19

Advent says the pandemic has resulted in “material” changes at Forescout. The company disagrees.