Wednesday, August 10, 2022
Have I Been Pwned

QuestionPro (unverified) – 22,229,637 breached accounts

In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform),...
Have I Been Pwned

Tuned Global – 985,586 breached accounts

In January 2021, data from a number of breached services including Tuned Global were released to a public hacking forum. The breach appears to date back to 2016 and includes 985k records containing email addresses, names, a small number...
Have I Been Pwned

Mecho Download – 437,928 breached accounts

In October 2013, the (now defunct) downloads website "Mecho Download" suffered a data breach that exposed 438k records. Data from the vBulletin based website included email and IP addresses, usernames and passwords stored as salted MD5 hashes.
Have I Been Pwned

Battlefy – 83,610 breached accounts

In January 2016, the esports website Battlefy suffered a data breach that exposed 83k customer records. The impacted data included email addresses, usernames and passwords stored as bcrypt hashes.
Have I Been Pwned

Paytm – 3,395,101 breached accounts

In August 2020, the Indian payment provider Paytm was reported as having suffered a data breach and subsequent ransom demand, after which the data was circulated publicly. Although Paytm denied the breach at the time, verification with impacted HIBP...
Have I Been Pwned

PPCGeeks – 492,518 breached accounts

In August 2016, the pocket PC fan site forum PPCGeeks suffered a data breach that exposed over 490k records. The breach of the vBulletin forum exposed email and IP addresses, usernames, dates of birth and passwords stored as salted...
Have I Been Pwned

JukinMedia – 314,290 breached accounts

In October 2021, the "global leader in user-generated entertainment" Jukin Media suffered a data breach. The breach exposed 13GB of code, configuration and data consisting of 314k unique email addresses along with names, phone numbers, IP addresses and bcrypt...
Have I Been Pwned

Famm – 535,240 breached accounts

In late 2020, the Japanese family photos website Famm suffered a data breach that subsequently exposed 1.3M customer records, including 535k unique email addresses. Impacted data also included names, dates of birth, genders and passwords stored as SHA-256 hashes.
Have I Been Pwned

Eskimi – 1,197,620 breached accounts

In late 2020, the AdTech platform Eskimi suffered a data breach that exposed 26M records with 1.2M unique email addresses. The data included usernames, dates of birth, genders and passwords stored as unsalted MD5 hashes.
Have I Been Pwned

La Poste Mobile – 533,886 breached accounts

In July 2022, the French telecommunications company La Poste Mobile was the target of an attack by the LockBit ransomware which resulted in company data being published publicly. The impacted data included 533k unique email addresses along with names,...
Have I Been Pwned

Mangatoon – 23,040,238 breached accounts

In May 2022, the Hong Kong based Manga service Mangatoon suffered a data breach that exposed 23M subscriber records. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and passwords stored as...
Have I Been Pwned

Capital Economics – 263,829 breached accounts

In December 2020, the economic research company Capital Economics suffered a data breach that exposed 263k customer records. The exposed data included email and physical addresses, names, phone numbers, job titles and the employer of impacted customers.
Have I Been Pwned

Bookchor – 498,297 breached accounts

In January 2021, the Indian book trading website Bookchor suffered a data breach that exposed half a million customer records. The exposed data included email and IP addresses, names, genders, dates of birth, phone numbers and passwords stored as...
Have I Been Pwned

Bourse des Vols – 1,460,130 breached accounts

In January 2021, the French travel company Bourse des Vols suffered a data breach that exposed 1.46M unique email addresses across more than 1.2k .sql files and over 9GB of data. The impacted data exposed personal information and travel...
Have I Been Pwned

DivX SubTitles – 783,058 breached accounts

In approximately 2010, the now defunct website DivX SubTitles suffered a data breach that exposed 783k user accounts including email addresses, usernames and plain text passwords.

Phishers who breached Twilio and fooled Cloudflare could easily get you, too

Enlarge (credit: Getty Images) At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Brian Krebs

Microsoft Patch Tuesday, August 2022 Edition

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....

One of 5G's Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
The Register

Patch Tuesday: Yet another Microsoft RCE bug under active exploit

Oh, and that critical VMware auth bypass vuln? Miscreants found it, too August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …