Wednesday, February 20, 2019
Have I Been Pwned

MyHeritage – 91,991,358 breached accounts

In October 2017, the genealogy website MyHeritage suffered a data breach. The incident was reported 7 months later after a security researcher discovered the data and contacted MyHeritage. In total, more than 92M customer records were exposed and included...
Have I Been Pwned

EyeEm – 19,611,022 breached accounts

In February 2018, photography website EyeEm suffered a data breach. The breach was identified among a collection of other large incidents and exposed almost 20M unique email addresses, names, usernames, bios and password hashes. The data was provided to...
Have I Been Pwned

devkitPro – 1,508 breached accounts

In February 2019, the devkitPro forum suffered a data breach. The phpBB based forum had 1,508 unique email addresses exposed in the breach alongside forum posts, private messages and passwords stored as weak salted hashes. The data breach was...
Have I Been Pwned

Collection #1 (unverified) – 772,904,991 breached accounts

In January 2019, a large collection of credential stuffing lists (combinations of email addresses and passwords used to hijack accounts on other services) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billion records...
Have I Been Pwned

FaceUP – 87,633 breached accounts

In 2013, the Danish social media site FaceUP suffered a data breach. The incident exposed 87k unique email addresses alongside genders, dates of birth, names, phone numbers and passwords stored as unsalted MD5 hashes. When notified of the incident,...
Have I Been Pwned

Dangdang – 4,848,734 breached accounts

In 2011, the Chinese e-commerce site Dangdang suffered a data breach. The incident exposed over 4.8 million unique email addresses which were subsequently traded online over the ensuing years.
Have I Been Pwned

BannerBit – 213,415 breached accounts

In approximately December 2018, the online ad platform BannerBit suffered a data breach. Containing 213k unique email addresses and plain text passwords, the data was provided to HIBP by a third party. Multiple attempts were made to contact BannerBit,...
Have I Been Pwned

BlankMediaGames – 7,633,234 breached accounts

In December 2018, the Town of Salem website produced by BlankMediaGames suffered a data breach. Reported to HIBP by DeHashed, the data contained 7.6M unique user email addresses alongside usernames, IP addresses, purchase histories and passwords stored as phpass...
Have I Been Pwned

GoldSilver – 242,715 breached accounts

In October 2018, the bullion education and dealer services site GoldSilver suffered a data breach that exposed 243k unique email addresses spanning customers and mailing list subscribers. An extensive amount of personal information on customers was obtained including names,...
Have I Been Pwned

Mappery – 205,242 breached accounts

In December 2018, the mapping website Mappery suffered a data breach that exposed over 205k unique email addresses. The incident also exposed usernames, the geographic location of the user and passwords stored as unsalted SHA-1 hashes. No response was...
Have I Been Pwned

Bombuj.eu – 575,437 breached accounts

In December 2018, the Slovak website for watching movies online for free Bombuj.eu suffered a data breach. The incident exposed over 575k unique email addresses and passwords stored as unsalted MD5 hashes. No response was received from Bombuj.eu when...
Have I Been Pwned

Hub4Tech – 36,916 breached accounts

On an unknown date in approximately 2017, the Indian training and assessment service known as Hub4Tech suffered a data breach via a SQL injection attack. The incident exposed almost 37k unique email addresses and passwords stored as unsalted MD5...
Have I Been Pwned

You’ve Been Scraped – 66,147,869 breached accounts

In October and November 2018, security researcher Bob Diachenko identified several unprotected MongoDB instances believed to be hosted by a data aggregator. Containing a total of over 66M records, the owner of the data couldn't be identified but it...
Have I Been Pwned

AerServ – 66,308 breached accounts

In April 2018, the ad management platform known as AerServ suffered a data breach. Acquired by InMobi earlier in the year, the AerServ breach impacted over 66k unique email addresses and also included contact information and passwords stored as...
Have I Been Pwned

ForumCommunity – 776,648 breached accounts

In approximately mid-2016, the Italian-based service for creating forums known as ForumCommunity suffered a data breach. The incident impacted over 776k unique email addresses along with usernames and unsalted MD5 password hashes. No response was received from ForumCommunity when...

Can you really sniff out gas station card skimmers with your phone?

A viral post suggests (wrongly) that card skimmers always use Bluetooth. Anyway, just looking at nearby Bluetooth names doesn't help much...
SecurityWeek

Canada Helping Australia Determine ‘Full Extent’ of Hack

Canada's electronic eavesdropping agency said Wednesday it is working with Canberra to try to determine the scale of computer hacking on Australia's parliament and political parties just months from an election. read more

Researcher: Not Hard for a Hacker to Capsize a Ship at Sea

Maritime transport still contributes in an important way to the world’s economy, with on-time shipments influencing everything from commodities availability and spot pricing to the stability of small countries. Unfortunately, capsizing a ship with a cyberattack is a relatively...
SC Magazine

30 years in: My, how SC and security have changed

1989. Acid wash jeans, Bon Jovi and the compassionate conservatism of the Reagan Era were actually, unironically popular. The Berlin Wall fell, free elections were held in the then Soviet Congress of Deputies, Vaclev Havel became president of Czechoslavakia,...
SecurityWeek

WinPot ATM Malware Resembles a Slot Machine

A piece of malware targeting automated teller machines (ATMs) has an interface that looks like a slot machine, Kaspersky Lab reports.  Dubbed WinPot, the malware was initially detected in March last year, targeting the ATMs of a popular vendor to...