List of security records stolen

ClixSense Data Breach, 6.6 Million users’ records stolen

2016-09-15
“In September 2016, the paid-to-click site ClixSense suffered a data breach which exposed 2.4 million subscriber identities. The breached data was then posted online by the attackers who claimed it was a subset of a larger data breach totalling 6.6 million records. The leaked data was extensive and included names, physical, email and IP addresses, genders and birth dates, account balances and passwords stored as plain text.
Compromised data: Account balances, Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Payment histories, Payment methods, Physical addresses, Usernames, Website activity” wrote Hunt.

Porn site Brazzers sees leak that leaves 800,000 users exposed

2016-09-06
Nearly 800,000 accounts for popular porn site Brazzers have been exposed in a data breach. Although the data originated from the company's separate forum, Brazzers users who never signed up to the forum may also find their details included in the dump.

OneLogin breached, hacker finds cleartext credential notepads

2016-08-31
The online credential manager says its Secure Notes facility was breached, allowing the intruder to read in cleartext notes edited between 2 June and 25 August this year.
Some 12 million customers use OneLogin.

Opera's service for syncing web browser data hacked, users urged to reset passwords

2016-08-28
Opera has confirmed that an unknown hacker managed to gain access to its Opera sync system, potentially compromising the data of about 1.7 million active users. In response to the breach of Opera's web sync feature, which allows users to synchronise their browser data and settings across multiple platforms, the company has issued a forced password reset for all Sync users.

Ubuntu Forums Hacked, 2 Million Users’ Details Stolen

2016-07-15
The Ubuntu forums have been hacked and the IP addresses, usernames, and email addresses of over two million users have been “stolen”.
The online forum was the only piece of infrastructure compromised, the company say. No other Ubuntu website, repository or update mechanism is known to have been affected.
“Known SQL Injection Vulnerability to blame”
Canonical CEO Jane Silber explains: “We were able to confirm there had been an exposure of data and shut down the Forums as a precautionary measure. Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched.”
The attacker was able to “download portions of the ‘user’ table which contained usernames, email addresses and IPs for 2 million users.”

VK.com HACKED! 100 Million Clear Text Passwords Leaked Online

2016-06-05
Another day, another Data Breach! Now, Russia's biggest social networking site VK.com is the latest in the line of historical data breaches targeting social networking websites.
The same hacker who previously sold data dumps from MySpace, Tumblr, LinkedIn, and Fling.com, is now selling more than 100 Million VK.com records for just 1 Bitcoin (approx. US$580).
The database contains information like full names (first names and last names), email addresses, plain-text passwords, location information, phone numbers and, in some cases, secondary email addresses.
Yes, plain-text passwords.

Scrum.org certification and training website hacked

2016-06-01
"... we have determined that user’s names, email addresses, encrypted passwords, the password decryption key, and completed certifications and their associated test scores may have been compromised, but at this time we are not able to confirm that any of these items were actually taken, nor is there any evidence that any of this information was used by an unauthorized individual."

Google Hit by Insider Data Breach

2016-05-10
Google has suffered an embarrassing insider data breach after an employee at a third-party vendor mistakenly sent personal information on an unspecified number of Mountain View employees to another company.

40 Million Fling.com Users' Passwords, Sexual Preferences Stolen

2016-05-06
A large trove of credentials and personal details of tens of millions of users from Fling.com, an adult dating website, has turned up on an underground marketplace called the Real Deal, as reported by Motherboard.
The online publication was able to gather a sample of the trove of data from a hacker who goes by the moniker – Peace.
The sample contained users’ credentials such as usernames and passwords in plain text, IP address, date of birth, email addresses, and more. The records also revealed the gender of the user, the fetishes that a user is interested in and other personal preferences.
The hacker claims to be selling 40 million accounts in total for a price of 0.8888 bitcoins, approximately $400 in today’s bitcoin-USD exchange rate.
Notably, the legitimacy of the sample was confirmed to be accurate by the person to whom the Fling.com domain is registered.
In an email, he revealed that the breach had occurred in 2011.

Webmail firms probe login 'leak'

2016-05-04
Several popular webmail providers are investigating a report that millions of their users' login details are being shared online by a hacker.
Google Gmail, Yahoo Mail, Microsoft Hotmail and Mail.ru are among the services said to have been affected.
The security firm that flagged the issue said that it believed many of the usernames and passwords involved had not been leaked before.

Beautiful people hacked

2016-04-25
It’s a site that only lets in the genetically blessed based on some mysterious beauty metric – and today the personal data of 1.1 million BeautifulPeople.com members is for sale on the black market. It’s only a slice of data from 2015, and the company says the leak’s been patched up, but data once stolen can never be controlled: and so 1.1 million names of self-declared Beautiful People will now begin circulating.

Spotify Hacked

2016-04-25
A list containing hundreds of Spotify account credentials – including emails, usernames, passwords, account type and other details – has popped up on the website Pastebin, in what appears to be a possible security breach.

Another Day, Another Hack: Hacker Claims to Have Sold 27M Mate1.com Passwords

2016-02-29
In February 2016, the dating site mate1.com suffered a huge data breach resulting in the disclosure of over 27 million subscribers' information. The data included deeply personal information about their private lives including drug and alcohol habits, incomes levels and sexual fetishes as well as passwords stored in plain text.

Hacked Toymaker VTech Admits Breach Actually Hit 6.3 Million Children

2015-12-02
In total 4,854,209 customer (parent) accounts and 6,368,509 related kid profiles worldwide are affected, which includes approximately 1.2 million Kid Connect parent accounts. In addition, there are 235,708 parent and 227,705 kids accounts in PlanetVTech. Kid profiles unlike account profiles only include name, gender and birthdate.
VTech also admitted that its database “was not as secure as it should have been,” and that it didn’t know of the data breach until Motherboard alerted them. But VTech said last week in an email that “we were not aware of this unauthorized access until you alerted us.”

Hilton Hotels admits hackers planted malware and stole customer card details

2015-11-25
This evening Hilton Worldwide issued a statement confirming rumours that have swirled around for the last couple of months, stating that malware had found its way onto point-of-sale systems and stole payment card information.
That stolen information includes cardholder names, payment card numbers, security codes and expiry dates. However, addresses and PINs have not been exposed.

Comcast says it’s not to blame after 200,000 user accounts were put up for sale online

2015-11-09
Comcast will reset the passwords of roughly 200,000 customers after their account information wound up for sale on a shadowy Web site, the company said Monday.
The package of personal data, including the e-mail addresses and passwords of Comcast customers, was listed for sale for $1,000 on a Dark Web site that was also marketing a number of other questionable goods.

Hackers have accessed details of 1,827 Vodafone customers

2015-10-31
Vodafone UK was subject to an attempt to access some customers’ account details.
This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone. Vodafone’s systems were not compromised or breached in any way.
Whilst our security protocols were fundamentally effective, we know that 1,827 customers have had their accounts accessed, potentially giving the criminals involved:
The customer’s name
Their mobile telephone number
Their bank sort code
The last 4 digits of their bank account

TalkTalk cyber-attack: Website hit by 'significant' breach

2015-10-22
TalkTalk has confirmed that the amount of data stolen is nowhere near as bad as early reports suggested, but that 1.2 million email addresses, names and phone numbers were taken. Some 21,000 unique bank accounts and sort codes were also accessed, along with 28,000 credit and debit card details with the middle six digits obscured. Around 15,000 dates of birth were also taken.
Some papers reported this weekend that the information was being sold for £1.62 per record on the dark web, although this is largely conjecture.
The hacked ISP, which boasts four million, now angry, customers, has confirmed that it will not let anyone out of their contracts without paying exit fees of anything up to hundreds of pounds, unless they can prove that they have had money stolen as a direct result of the attack.

Experian Hacked -> T-mobile affected

2015-10-02
Hackers have stolen information about 15 million people - all of whom had interacted with T-Mobile either as customers or potential customers.
Innocent users have had personal information such as their name, address, and date of birth exposed to the criminals. In addition, encrypted fields in the hacked databases including "social security number and ID number (such as driver’s license or passport number)" may be at risk.
That's reason enough for T-Mobile CEO John Legere to be very angry. But imagine his apoplexy when he realises that the hackers didn't breach T-Mobile's computer systems, but those of Experian, one of the largest data brokers and credit agencies in the world - tasked with credit-checking T-Mobile's users.

Patreon hacked

2015-10-02
Patreon, a service that makes it easy to financially back creators, has been hacked and some personal data was breached.
According to an email sent to users, the service found unauthorized access to a database containing full names, email addresses and shipping addresses.

Web.com hacked

2015-08-19
Web.com, a Florida-based web hosting company with up to 3.3 Million customers, has suffered a data breach and may have compromised personal information and credit card data belonging to 93,000 of its clients.
The company on Tuesday confirmed that some unknown hackers had breached one of its computer systems on August 13, 2015, and accessed personal information of nearly 93,000 customers.
Web.com, with the goal to help small businesses succeed online, uncovered the unauthorized activity as part of its ongoing security monitoring and shutdown process.
The stolen information includes:
Credit Card information
Actual Names associated with the payment cards
Residential Addresses

ICANN urges passwords reset due to an external service provider breach

2015-08-10
The Internet Corporation for Assigned Names and Numbers (ICANN) has issued another security warning after login credentials of the ICANN.org website have been compromised.
A new incident has hit ICANN, the organization responsible for coordinating the maintenance and methodology of several databases of unique identifiers related to the namespaces of the Internet. According to a security warning issued by ICANN, intruders obtained usernames, email addresses, and password hashes for the registered accounts on the website ICANN.org.

Carphone Warehouse hack: 2.4 million customers' details breached after 'cyber-attack'

2015-08-08
The personal details of up to 2.4 million Carphone Warehouse customers have been accessed by hackers, the mobile phone firm has admitted.
According to a statement from the firm, the IT network of one of its online divisions was the victim of a “sophisticated cyber-attack” within the last two weeks.

Online Cheating Site AshleyMadison Hacked

2015-07-21
Large caches of data stolen from online cheating site AshleyMadison.com have been posted online by an individual or group that claims to have completely compromised the company’s user databases, financial records and other proprietary information. The still-unfolding leak could be quite damaging to some 37 million users of the hookup service, whose slogan is “Life is short. Have an affair.”

Sloppy password-less security left 1.25 million Japanese pension records exposed

2015-07-07
Toichiro Mizhushima, president of the Japan Pension Service, apologised for the data breach, explaining that it occurred after an attacker targeted staff computers with a malware-laced email.
The Japan Times reports that pension employees were duped into opening a boobytrapped file attached to an email with the subject “Regarding the Review of the Employee’s Pension Fund (Draft)”.
The hot story of the data leak rapidly became the top story on TV news reports.
So far, so bad. But it gets worse.
Because an investigation into the hack has reportedly revealed that 99% of the files accessed by the hackers were not properly password-protected.

Cyberattack Exposes I.R.S. Tax Returns

2015-05-27
Criminals used stolen data to gain access to past tax returns of more than 100,000 people through an application on the Internal Revenue Service’s website, the agency said on Tuesday.

AdultFriendFinder hacked

Hackers have struck one of the world's largest internet dating websites, leaking the highly sensitive sexual information of almost four million users onto the web.

Health Insurer CareFirst hacked

The health insurer CareFirst BlueCross BlueShield has announced that a cyber attack has stolen 1.1 million records of both current and former members.
The insurer, which operates in Maryland, Virginia and the District of Columbia, has a total of 3.4 million users. In a statement made yesterday, it admitted that 1.1 million of those records had been hacked in June 2014. CareFirst only noticed that the records had been compromised as part of a security refresh, undertaken because of the spate of recent healthcare hacks.

EllisLab servers breached by hackers

2015-05-04
"At 10:49am PDT on March 24, 2015, an attacker logged into EllisLab.com with a Super Admin’s stolen password. The perpetrator then uploaded a common PHP backdoor script (a WSO Web Shell variant) that allowed a group of attackers access to our server without requiring authentication," EllisLab CEO Derek Jones explained in a blog post on Friday.
"While evidence shows it is unlikely that they stole the database, we prefer to be cautious and assume they had access to everything," he noted. "Everything" includes usernames, screen names, email addresses, salted and hashed passwords, member profile data; billing name, address and last four digits of the credit card customers used to purchase software from the company; and details regarding support tickets submitted between February 24 and March 24, 2015.

Insider Breach Costs AT&T $25 Million

2015-04-08
AT&T is paying a hefty price - $25 million - for call center employees in Mexico, Colombia and the Philippines accessing personally identifiable information from some 278,000 customer accounts without authorization.
The Federal Communications Commission says employees in 2013 and 2014 retrieved customer proprietary network information and other personal data that could be used to unlock AT&T mobile phones. Then, the employees provided that information to unauthorized third parties who appear to have trafficked in stolen cell phones or secondary market phones that they wanted to unlock.

Linux Australia Hacked

2015-04-07
Linux Australia has warned its members and conference attendees that their personal information may have fallen into the hands of online criminals, following a breach of the organisation’s servers.

Puush accidentally infects Windows users with password-stealing malware

The main puush web server was compromised (database and puushed files should be untouched, to the best of our knowledge)
The Windows puush client was replaced with a version (r94) that downloads malware (versions other than r94 should be clean).
The malware may be collecting locally stored passwords, but we are yet to confirm these have been transmitted back to a remote location. We have been running the malware in sandboxed environments and have not been able to reproduce any such behaviour. Even so, we recommend you change any important passwords which were stored on your PC (unless they were in a secure password manager). This includes changing any chrome/firefox/opera/ie/outlook/live messenger/thunderbird saved passwords.

British Airways accounts hacked

2015-03-29
British Airways confirms thousands of frequent-flyer accounts hacked
The company confirmed on Sunday that a security breach affected tens of thousands of its users' frequent-flyer accounts.

Stolen Uber Accounts Are Selling for a Dollar on the Dark Net

2015-03-28
But this is the first time we've seen a high-profile sale of Uber account info, enabling people who pay for the stolen details to log in to Uber and take rides using someone else's account. One vendor, Courvoisier, who jumped over to AlphaBay after Evolution shut down, has already sold hundreds of these accounts.
Motherboard's Joseph Cox dug around and contacted some of the people whose accounts leaked, confirming that at least some of the accounts are legit.

Slack hacked

The popular group chat tool Slack suffered a hack of its central database last month, the company admitted Friday, potentially compromising users' profile information like log-on data, email addresses and phone numbers.
The database also holds any additional information users may have added to their profiles like their Skype IDs.

AllCrypt Bitcoin Exchange Clears the Air

2015-03-27
It looks like another digital currency exchange is biting the dust, as AllCrypt announced on Twitter their site has been breached due to an exploit in WordPress. Assuming this story is true, it may have to do with the SQL injection vulnerability found in Yoast SEO, a very popular WordPress plugin.

RadioShack: Not only data breaches

2015-03-24
Apparently Radio Shack had a policy of not selling customer data. But that was before they went bankrupt and the data went to the auction house.
This is a problem with Chapter 7 in the US. Unless a white knight buys the data to kill it (rare, but it has happened), the data will be sold to a firm that is not bound by any RS agreement. Thankfully, it's not healthcare data.

Twitch may have been hacked

2015-03-23
Game streaming website Twitch, which Amazon bought in August for $970 million, has been hacked. The service posted an update on its site saying someone may have gained “unauthorized access” to user account information.

Premera Blue Cross hacked, 11M members affected

2015-03-27
Premera Blue Cross announced on Tuesday that it was targeted in a cyberattack that affected some 11 million people.
The hackers may have gained access to customer's personal data, including their social security numbers, mailing addresses and bank account information, the insurance company said, in a statement.
The attackers may have also gained access to claims information, including sensitive clinical data about its users.

Uber Database Breach Exposed Information Of 50,000 Drivers

2015-02-27
The breach, which occurred on May 13 2014, revealed the names and license plate numbers of approximately 50,000 drivers across various states.

According to Ars Technica, Uber seems to have made the most rookie security mistake of them all, which Dan Goodin calls "the online equivalent of stashing a house key under a doormat." It looks like Uber accidentally stored a secure database key—intended for use only by select employees—on a publicly accessible GitHub page. The access key led to a database where drivers' names and license numbers were stored, and was obviously never intended to be public. Once the company realized its database had been breached in May of last year, it changed the key and took the GitHub page offline.
Though Uber hasn't publicly confirmed what was on GitHub or who was responsible, it's implying it by subpoenaing GitHub in an effort to get ahold of the IP address of anyone who might have accessed the GitHub page over seven months in 2014 (which GitHub has already refused to do). The Register has the subpoena and the details, and points out that even if GitHub hands over that info, it'll be extremely lucky if it leads to anything

Talk Talk hacked

TalkTalk, one of the biggest UK-based phone, TV and Internet service providers with 4 million customers, has admitted it suffered a major data breach. TalkTalk said customer information was accessed after a breach at a third-party company, in which names, addresses, phone numbers and TalkTalk account numbers were stolen. According to the report, TalkTalk customers began reporting problems on the TalkTalk forums late last year. In some cases, hackers used customer details to scam bank information from the victims.

Bitcoin exchange shuts down

Canadian Bitcoin exchange Cavirtex is shutting down, after hackers managed to compromise its systems, stealing hashed passwords and two factor authentication (2FA) secrets.

Anthem Hacked

2015-02-04
Today, Anthem Inc., the second largest health insurer in America, revealed that hackers broke into the company’s servers and stole social security numbers and other personal information. This is a massive data breach with the potential to expose the information of nearly 80 million Anthem customers and has the potential to be the largest health care related data breach in history. The company notes that accounts associated with Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare were all part of the data breach.

Minecraft hacked

A sad reality for gamers all around the world who enjoy playing the very popular game Minecraft on their PCs. If you are one of them, you'll want to pay attention here.
A plain text file containing over 1,800 Minecraft account usernames and passwords has just been leaked online, German media reports. The details available in the leak have been posted to Pastebin, which would allow anyone to log into a legitimate user's account in order to play online and download the full version of the game to their own computers.
However, the more serious implication of the leaked credentials would be for those affected users who had used the same username and password combination for other online services, such as shopping sites, banking sites, email services or social networking sites.

Raptr hacked

2015-01-01
User info and passwords compromised (22 million registered users). The attackers may have gained unauthorized access to user names, email addresses, password hashes, and first and last names.

Staples: Breach may have affected 1.16 million customers' cards

2014-12-19
Staples said Friday afternoon that nearly 1.16 million customer payment cards may have been affected in a data breach under investigation since October.
The office-supply retailer said two months ago that it was working with law enforcement officials to look into a possible hacking of its customers’ credit card data.

Las Vegas Sands Hacked

2014-12-12
Iranian hackers infiltrated the servers of the Las Vegas Sands Hotel earlier this year, wiping out more than $40-million in equipment and data according to a report.

Gigya Hacked

On 27 November 2014, the Syrian Electronic Army hijacked the gigya.com domain by changing its DNS configuration at the domain registrar. This allowed them to hack into many of Gigya's customer sites like Forbes, Telegraph, NBC, OK Magazine and others. Shortly after the incident, the CEO of Gigya, Patrick Salyer, confirmed the news officially on Gigya's blog, stating that no data was compromised, and that the issue had been resolved within an hour of Gigya identifying the issue. The next day, on 28 November 2014, the Syrian Electronic Army issued a statement taking responsibility for the attack.
Personal Note: SSO is not the answer because it's a MITM auth!

US Postal Service Hacked

2014-11-11 The US Postal Service Got Hacked http://gizmodo.com/the-us-postal-service-got-hacked-1656911440

Kmart hacked

JPMorgan hacked

2014-10-02 JPMorgan Says Data Breach Affected 76 Million Households http://abcnews.go.com/Technology/wireStory/jpmorgan-data-breach-affected-76m-households-25928015

Japan Airlines hacked

2014-09-30
Japan Airlines Co. said it has become the latest target of hackers, with the information of up to 750,000 customers possibly stolen.
The airline confirmed Monday it has found evidence of unauthorized access to its Customer Information Management System due to a virus attack on computer terminals within its network. The personal data of JAL Mileage Bank members are stored in the system.
The data that may have been leaked include the names, genders, birth dates, addresses, email address and places of work of JAL’s mileage program members.
The airline said there is no indication that the members’ passwords or credit card numbers have been stolen.

Home Depot hacked

Home Depot, the nation’s largest home improvement retailer, announced on Thursday that a total of 56 million unique payment cards were likely compromised in a data breach at its stores, suggesting that the breach at the home improvement chain was larger than the Target data breach that occurred last year during the Christmas holidays.

Freenode IRC hacked

2014-09-11
Earlier today the freenode infra team noticed an anomaly on a single IRC server. We have since identified that this was indicative of the server being compromised by an unknown third party. We immediately started an investigation to map the extent of the problem and located similar issues with several other machines and have taken those offline. For now, since network traffic may have been sniffed, we recommend that everyone change their NickServ password as a precaution. With more than 80,000 customers and 40,000 channels, Freenode, which runs Atheme IRC Services and ircd-seven, is said to be the largest IRC network.

Gmail credentials leaked

2014-09-11
5 Million Gmail Usernames, Passwords Hacked And Posted To Russian Bitcoin Forum

Online gaming data breach in South Korea

2014-08-28
South Koreans must handle the consequences of yet another enormous data breach, this time from online gaming.

Chinese Hackers Stole 4.5 Million US Hospital Records

2014-08-19 http://google.com/newsstand/s/CBIw8NHZrB8 Gizmodo: Why Chinese Hackers Stole 4.5 Million US Hospital Records.

Supermarket chain Supervalu

Supermarket chain Supervalu has reported that more than 200 stores were affected by a computer break-in that exposed customers' debit- and credit-card numbers and other data.

Russian hackers stole 1.2 billion passwords


Gambling website Paddy Power

Gambling website Paddy Power took four years to tell 650,000 customers their data had been stolen

CNET hacked!

2014-07-15
Registered users' details stolen by gang demanding 1 Bitcoin
If you are a registered user of the CNET technology news website, it might be a good idea to put your emergency password plans into action right now.

Lacie Hacked

2014-07-04 LaCie admits hackers have been stealing its customer information… for the last year http://grahamcluley.com/2014/04/lacie-admits-hackers-stealing-customer-information-last-year/

Butler University data breach victims stretch back over 30 years

2014-07-01

American Express customers receiving new breach notifications

2014-06-20
Customers of American Express are starting to get a new round of breach notification letters. This time, the letters (mostly identical in wording) are due to two separate incidents, but the full impact is unclear - as the exact number of customers set to receive these notices isn't known.
For those keeping score: American Express has now had to issue three different notification letters this month, in order to address three different data breaches.

Duo Security Researchers Uncover Bypass of PayPal’s Two-Factor Authentication

2014-06-25

eBay Hacked

2014-05-21
Urges All Members to Change Passwords Immediately

Aol Hacked

2014-04-28
AOL confirmed in a company blog post Monday that "there was unauthorized access to information regarding a significant number of user accounts."

Kickstarter hacked. Change your password now

2014-02-15

Snapchat Hacked, 4.6 Million Accounts Compromised

2014-01-01

Target: Encrypted PINs stolen but not encryption key

2013-12-27

update on 2015-03

Target has agreed to pay $10 million to people affected by the breach of its systems in 2013 that saw 40 million credit and debit card numbers stolen. According to court documents, the retailer's proposed settlement — which has yet to be approved by a federal judge — could pay individuals up to $10,000 in compensation. A court hearing to approve the proposal is scheduled for Thursday.
source: http://www.theverge.com/2015/3/19/8255663/target-proposes-10-million-settlement-after-hack

Sabayon Forums Hacked

2013-11-01
Sabayon Forums Hacked, All Usernames, Passwords, and Emails Compromised

Adobe hacked

2013-10-30 Adobe hack: 38 million accounts breached http://www.bbc.com/news/technology-24740873

Vulnerability in vBulletin Forum Software

35,000 Websites Hacked Using Vulnerability in vBulletin Forum Software

Ubuntu forums hacked

1.82M logins, email addresses stolen

Ubisoft hacked, account info accessed

LivingSocial Hacked

2013-04-26
More Than 50 Million Customer Names, Emails, Birthdates and Encrypted Passwords Accessed (Internal Memo)

Evernote hacked

2013-03-04
50 million compromised in Evernote hack

Sony Online Entertainment hacked

2013-02-27

Twitter hacked

2013-02-01
The attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.

Dropbox Confirms Security Breach

2012-08-01
Dropbox has confirmed that recent reports about spam from its users were a result of a security breach.
"Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts," said Dropbox.

Yahoo security breach

Yahoo confirmed Thursday that about 400,000 user names and passwords to Yahoo and other companies were stolen on Wednesday.
A group of hackers, known as the D33D Company, posted online the user names and passwords for what appeared to be 453,492 accounts belonging to Yahoo, and also Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com users.

Linkedin Hacked

LinkedIn was hacked on 5 June 2012, and passwords for nearly 6.5 million user accounts were stolen by Russian cybercriminals

Update on Class action 2015-02-27

That led 800,000 American users of LinkedIn premium services to kick off a class action lawsuit which, after being kicked around the legal system for a while, finally got narrowed down to something the social site could live with and it decided to settle: a whole US$1.25 million which leaves everybody with a dollar after the lawyers take their hunk.

3 million bank accounts hacked in Iran

2012-04-16

Global Payments, a major credit card processing company, has reportedly been hacked

Estimates for how many card numbers were lost in the breach range from 50,000 cards all the way up to 10 million, so odds are we won't know for sure how many accounts were really compromised until the dust settles a bit. The Wall Street Journal reports that Global Payments is one of the country's largest processors, and while we know they work closely with New York cab and parking companies, WSJ says they actually have a significant client list and the size of the breach could mushroom. Visa and Mastercard have, for their part, already acknowledged that Global Payments has alerted them to the breach, and stress that their own networks have not been compromised.
Visa Says 1.5M Accounts Were Hacked
WSJ's Colin Barr has details on Visa's effort to patch a security breach in which information from 1.5 million credit card accounts was stolen. Payment processor Global Payments was removed by Visa as a result.

Youporn CHAT has been hacked

A full dump of the account file (1.5 million user accounts) can be found at deposit files

Zappos hacked

2012-01-16
24 million accounts accessed

Dropbox security bug: oops!

2011-06-20
Dropbox Security Bug Made Passwords Optional For Four Hours http://techcrunch.com/2011/06/20/dropbox-security-bug-made-passwords-optional-for-four-hours/

LastPass in trouble? Maybe

2011-05-05

RSA servers hacked as SecurID data stolen

2011-03-18

Sony Online Entertainment hacked

2011-02-05
Sony Online Entertainment Shut Down After 25 Million More Accounts Hacked http://www.huffingtonpost.com/2011/05/02/sony-online-entertainment_n_856673.html

RockYou hack

2010-12-09
RockYou hack compromises 32 million passwords

The moral is:

No matter your reputation.

If you keep sensitive data in one place, sooner or later you will be hacked.

By installing SingleID as Blind 2FA, you can have the user's data when you ask for it and then delete it. It's as simple as including an iframe button on your server. No back-office modification needed.
