Thursday, June 1, 2023
Have I Been Pwned

RaidForums – 478,604 breached accounts

In May 2023, 478k user records from the now defunct hacking forum known as "RaidForums" was posted to another hacking forum. The data dated back to September 2020 and included email addresses, usernames, dates of birth, IP addresses and...
Have I Been Pwned

Polish Credentials – 1,204,870 breached accounts

In May 2023, a credential stuffing list of 6.3M Polish email address and password pairs appeared on a local forum. Likely obtained by malware running on victims' machines, each record included an email address and plain text password alongside...
Have I Been Pwned

Luxottica – 77,093,812 breached accounts

In March 2021, the world's largest eyewear company Luxoticca suffered a data breach via one of their partners that exposed the personal information of more than 70M people. The data was subsequently sold via a popular hacking forum in...
Have I Been Pwned

RentoMojo – 2,185,697 breached accounts

In April 2023, the Indian rental service RentoMojo suffered a data breach. The breach exposed over 2M unique email addresses along with names, phone, passport and Aadhaar numbers, genders, dates of birth, purchases and bcrypt password hashes.
Have I Been Pwned

MEO – 8,227 breached accounts

In early 2023, a corpus of data sourced from the New Zealand based face mask companyMEO was discovered. Dating back to December 2020, the data contained over 8k customer records including names, addresses, phone numbers and passwords stored as...
Have I Been Pwned

Terravision – 2,075,625 breached accounts

In February 2023, the European airport transfers service Terravision suffered a data breach. The breach exposed over 2M records of customer data including names, phone numbers, email addresses, salted password hashes and in some cases, date of birth and...
Have I Been Pwned

OGUsers (2022 breach) – 529,020 breached accounts

In July 2022, the account hijacking and SIM swapping forum OGusers suffered a data breach, the fifth since December 2018. The breach contained usernames, email and IP addresses and passwords stored as argon2 hashes. A total of 529k unique...
Have I Been Pwned

The Kodi Foundation – 400,635 breached accounts

In February 2023, The Kodi Foundation suffered a data breach that exposed more than 400k user records. Attributed to an account belonging to "a trusted but currently inactive member of the forum admin team", the breach involved the administrator...
Have I Been Pwned

Sundry Files – 274,461 breached accounts

In January 2022, the now defunct file upload service Sundry Files suffered a data breach that exposed 274k unique email addresses. The data also included usernames, IP addresses and passwords stored as salted SHA-256 hashes.
Have I Been Pwned

Leaked Reality – 114,907 breached accounts

In January 2022, the now defunct uncensored video website Leaked Reality suffered a data breach that exposed 115k unique email addresses. The data also included usernames, IP addresses and passwords stored as either MD5 or phpass hashes.
Have I Been Pwned

TheGradCafe – 310,975 breached accounts

In February 2023, the grad school admissions search website TheGradCafe suffered a data breach that disclosed the personal records of 310k users. The data included email addresses, names and usernames, genders, geographic locations and passwords stored as bcrypt hashes....
Have I Been Pwned

Shopper+ – 878,290 breached accounts

In March 2023, "Canada's online shopping mall" Shopper+ disclosed a data breach discovered on a public hacking forum. The breach dated back to September 2020 and included 878k customer records with email and physical addresses, names, phone numbers and...
Have I Been Pwned

HDB Financial Services – 1,658,750 breached accounts

In March 2023, the Indian non-bank lending unit HDB Financial Services suffered a data breach that disclosed over 70M customer records. Containing 1.6M unique email addresses, the breach also disclosed names, dates of birth, phone numbers, genders, post codes...
Have I Been Pwned

Eye4Fraud – 16,000,591 breached accounts

In February 2023, data alleged to have been taken from the fraud protection service Eye4Fraud was posted to a popular hacking forum. Spanning tens of millions of rows with 16M unique email addresses, the data was spread across 147...
Have I Been Pwned

iD Tech – 415,121 breached accounts

In February 2023, the tech camps for kids service iD Tech had almost 1M records posted to a popular hacking forum. The data included 415k unique email addresses, names, dates of birth and plain text passwords which appear to...
SC Magazine

We need to refine and secure AI, not turn our backs on the technology 

While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
The Hacker News

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
The Hacker News

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
The Register

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims

Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
The Register

Feds, you’ll need a warrant for that cellphone border search

Here's a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…