database breached | Breaking Cybersecurity News | The Hacker News

A Massive U.S. Property and Demographic Database Exposes 200 Million Records

Mar 05, 2020
More than 200 million records containing a wide range of property-related information on US residents were left exposed on a database that was accessible on the web without requiring any password or authentication. The exposed data — a mix of personal and demographic details — included the name, address, email address, age, gender, ethnicity, employment, credit rating, investment preferences, income, net worth, and property information, such as: market value; property type; mortgage amount, rate, type, and lender; refinance amount, rate, type, and lender; previous owners; year built; number of beds and bathrooms; and tax assessment information. According to security firm Comparitech, the database, which was hosted on Google Cloud, is said to have been first indexed by search engine BinaryEdge on 26th January and discovered a day later by cybersecurity researcher Bob Diachenko. But after failing to identify the database owner, the server was eventually taken offline more than a
191 Million US Voters' Personal Info Exposed by Misconfigured Database

Dec 28, 2016
BREAKING: A misconfigured database has resulted in the exposure of around 191 Million voter records, including voters' full names, home addresses, unique voter IDs, dates of birth and phone numbers. The database was discovered on December 20th by Chris Vickery, a white hat hacker, who was able to access over 191 Million Americans' personal identifying information (PII) that is just sitting in public to be found by anyone looking for it. Vickery is the same security researcher who uncovered personal details of 13 Million MacKeeper users two weeks ago, which included names, email addresses, usernames, password hashes, IP addresses, phone numbers, and system information. However, the recent discovery shocked him when he saw his own information in the database, according to DataBreaches.net, whom the researcher contacted and provided with all the details about his finding.
300GB Trove of Voters' Information Leaked
Vickery has his hands on all
How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024 | Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally. For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent. Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched Data Protection for Google Drive to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit.
How Material Security helps organ
Hackers Selling Database of 4 Million Adult Friend Finder Users at $16,800

May 25, 2015
Email addresses, sexual orientations, and other sensitive details from about 3.9 Million subscribers of the Adult Friend Finder online hookup service are currently available for sale for 70 Bitcoins (around $16,800/€15,300) on an underground website. Yes, the sex life of almost 4 million subscribers of the casual sex hookup site is now available for anyone to download from the Internet. The Adult Friend Finder website, with the tagline "Hookup, Find Sex or Meet Someone Hot Now," was breached before April 13, and nearly 4 Million users have had their personal details compromised. The details include subscribers' user names, email addresses, dates of birth, gender, sexual orientation, postal codes, and IP addresses, which is a treasure trove for online spammers and phishers.
Database of nearly 4 Million users available online for 70 Bitcoins:
The database has been available on an online forum hidden in the Tor anonymity network, which is accessible only through
US Prosecutor drops Criminal charges against Barrett Brown

Mar 07, 2014
U.S. Prosecutors decided not to pursue crucial criminal charges against journalist and activist Barrett Brown, and will dismiss a majority of charges related to sharing a link to a dump of credit card numbers connected to the breach of intelligence firm Stratfor. Supporters say Brown just copied the hyperlink from an Internet chat room and then reposted the link on his own internet chat room, Project PM. The link pointed to stolen documents from the US government contractor Stratfor Global Intelligence, which included 860,000 e-mail addresses for Stratfor subscribers and 60,000 credit card details. Just hours after Brown's lawyers filed their comprehensive argument, the DOJ filed a motion on Thursday to dismiss all 11 charges. Apart from computer fraud charges, Brown is also facing prosecution for allegedly threatening an FBI agent and for alleged obstruction of justice. The Electronic Frontier Foundation (EFF), a non-profit organization defending civil libertie
vBulletin Forum hacked with Zero Day vulnerability, caused Macrumors Forum Data breach

Nov 17, 2013
Last Tuesday, the user forums of popular Mac news website MacRumors were hacked and the forum database was compromised, including the usernames, emails and passwords belonging to all 860,000 registered users. Yesterday, Inj3ct0r Team of the exploit database website 1337Day claimed responsibility for the hack and also claimed that they have hacked the official website of vBulletin Forum using a Zero Day exploit. "Macrumors.com was based on vBulletin CMS. We use our 0day exploit vBulletin, got password moderator. 860000 user data hacked too. The network security is a myth," he told me. During the conversation, the team leader told me that he has discovered a Zero Day Remote Code Execution vulnerability in vBulletin v4.x.x and 5.x.x that allows an attacker to execute arbitrary code on the server end remotely. On their exploit marketplace they are also selling this zero day exploit with Shell Upload payload at $7000 USD. "We found a critical v
MacRumors forum hacked; more than 860,000 accounts compromised

Nov 13, 2013
The user forums of popular Mac news and information site MacRumors were breached by hackers on Monday this week. More than 860,000 usernames, emails and hashed passwords were potentially compromised. Users are advised to change their passwords on the forums, as well as on any other sites or services where the same password has been used. MD5 with or without salt, to be an inadequate means of protecting stored passwords. Back in 2012, the original author of the MD5 password hash algorithm publicly declared that MD5 is no longer considered safe to use on commercial websites. The owner of the site, Arnold Kim, apologized for the intrusion and said that it occurred because the hacker gained access to a moderator account, which then allowed the intruder to escalate their own privileges with the goal of stealing user login credentials. "We are looking into it further to see if there was another exploit, but there hasn't been any evidence of it
Hacker stole $100,000 from Users of California based ISP using SQL Injection

Oct 22, 2013
In 2013 we have seen a dramatic increase in the number of hack attacks attempted against banks, credit unions and utility companies using various techniques including DDoS attacks, SQL injection, DNS Hijacking and Zero-Day Flaws. SQL Injection is one of the most common security vulnerabilities on the web and is successful only when the web application is not sufficiently secured. Recently a hacking group named 'TeamBerserk' claimed on Twitter that they have stolen $100,000 by leveraging user names and passwords taken from a California ISP, Sebastian (Sebastiancorp.com), to access victims' bank accounts. A video uploaded to the Internet as proof shows how the hackers used a SQL injection attack against the California ISP Sebastian to access its customer database, which includes e-mail addresses, user names and clear text passwords, and then used the same data to steal money from those customers. Let's see what SQL Injection is and how ser
Adobe Gets Hacked; Hackers Steal 2.9 million Adobe Customers accounts

Oct 04, 2013
Hackers broke into Adobe Systems' internal network on Thursday, stealing personal information on 2.9 million customers and the source code for several of Adobe's most popular products. This is an absolutely massive blow to Adobe, especially to its reputation. Adobe, which makes Photoshop and other programs, revealed that cyber attackers had accessed user information, including account IDs and encrypted passwords as well as credit and debit card numbers. The company did not specify which users of its various software programs were hit, but products compromised in this attack include Adobe Acrobat, ColdFusion, and ColdFusion Builder. "We believe these attacks may be related. We are working diligently internally, as well as with external partners and law enforcement, to address the incident," the company said in a customer security alert. Adobe's Arkin says the company is not aware of zero-day exploits or other specific threats to its customers due to the
Ubuntu Forums hacked; 2 million user's personal Information compromised

Jul 21, 2013
Ubuntuforums.org, the popular Ubuntu Forums site, has posted a message on its index page informing its nearly 2 million users that it has suffered a serious security breach. "There has been a security breach on the Ubuntu Forums," reads the page. The site was defaced by a hacker with the Twitter handle "Sputn1k_" and, unfortunately, the attacker has gotten every user's local username, encrypted password, and email address from the Ubuntu Forums database. "The Canonical IS team is working hard as we speak to restore normal operations," the page said. Canonical advises users who have used their forum password on other sites to change it immediately. "Ubuntu One, Launchpad and other Ubuntu/Canonical services are not affected by the breach," the company stated.
Massive Database from Tango messenger server hacked by Syrian Electronic Army

Jul 20, 2013
The Syrian Electronic Army (SEA), a hacking group known for cyber attacks against anti-Syrian websites, has claimed that it has hacked the website of the messaging application Tango (tango.me), that includes hundreds of millions of electronic and voice data over the Internet. The hacker group tweeted a message on Twitter: "Sorry @TangoMe, We needed your database too, thank you for it! https://tango.me #SEA #SyrianElectronicArmy". In a post on their website, the hackers mentioned, "The databases content a of millions of the app user's phone numbers, contacts and their emails. More than 1.5 TB of the daily-backups of the servers network has been downloaded successfully." [Screenshot: backups folder of the servers network of Tango App] [Screenshot: Tango App log] The outdated version of the WordPress CMS allowed them to gain unauthorized access to the database server. At the time of reporting, administrators redirect the website t
Anonymous Hackers claim to breach North Korean site Uriminzokkiri

Apr 02, 2013
Hacking group Anonymous claims to have broken into North Korean site Uriminzokkiri.com and got their hands on more than 15,000 user credentials. A message posted online makes the claim and includes details for six accounts, apparently showing user names, e-mail addresses, birth dates, and hashed passwords. "Enjoy these few records as a proof of our access to your systems (random innocent citizens, collateral damage, because they were stupid enough to choose idiot passwords), we got all over 15k membership records of www.uriminzokkiri.com and many more. First we gonna wipe your data, then we gonna wipe your badass dictatorship "government"." Of the six users, three have Korean names and the other three appear to be Chinese. "North Korean government is increasingly becoming a threat to peace and freedom. We demand: - N.K. government to stop making nukes and nuke-threats, uncensored internet access for all the citizens and Kim Jong-un to resign" Fo
Team GhostShell Exposes 700k accounts from African universities and businesses

Jan 28, 2013
The hacktivist group Team GhostShell today exposed data including 700,000 accounts / records from African universities and businesses during a campaign named ProjectSunRise. The hackers mention, "GhostShell's new project focuses on Africa, mainly, for the time being, South Africa and to some extent other countries from the continent, such as Algeria, Nigeria, Kenya and Angola." In this new campaign the hackers have targeted many companies and universities, i.e. Angola's National Diamond Corporation, Ornico Marketing, Moolmans Africa Mining Corporation, South African Express Petroleum, State University, Kenyan Business Directory, PostNet Internet Services and also PressOffice, linked to BidOrBuy, which is South Africa's largest online store. The hackers released MySQL database dumps of all these sites via Pastebin notes. The hackers said, "Companies like Anglo American have decimated our vast natural resources and have paid our local workers next to nothing. In a resul
Hacker ruined Australian military security in 3 Minutes

Dec 12, 2012
Some 22,300 purported student and staff records held by the Australian Defence Force Academy were stolen and published online last month. A member of the Anonymous group, known as Darwinare, is claiming responsibility for the theft. The systems were compromised in November, with UNSW notifying staff and students within a day, but the breach has only now come to light. Among the victims are hundreds of senior officers in the army, navy and air force, as well as military personnel from other nations who are enrolled at the academy. The hacker described the lack of security this way: "I know, right, very surprised I didn't get kicked out. So simple, took like three minutes." The University of Canberra, in which the ADFA resides, had warned students of possible phishing attacks but said the compromised passwords were mostly redundant. Darwinare, who describes himself as a "black hacker", has previously breached the networks of online bookstore Amazo
Team Ghostshell leaks 1.6 million accounts under #ProjectWhiteFox

Dec 10, 2012
Team Ghostshell, a hacktivist group that was previously in the news for hacking major universities around the globe and leaking 120,000 records, has once again hit major organisations and exposed around 1.6 million accounts. The hackers named the project #ProjectWhiteFox, which means "Freedom of Information". These 1.6 million leaked user accounts belong to aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more. In a Pastebin note the hackers mention, "How we went from 'cyber-criminals' to 'hacktivists' to 'e-terrorists' to 'bad actors' to blacklisted. #ProjectHellFire got the US wary of us, at that time we still wasn't sure if GhostShell had gotten X'd, but when the second release of #ProjectWestWind came out, you guys got so hyped about it that we knew it had started to unfold." Hacked
Sensitive information of 1 Million people breached at Nationwide Insurance

Dec 03, 2012
Nationwide Insurance was breached last week and sensitive information of about 1 Million people is at risk. The FBI is investigating the breach, which involves both policyholders and non-policyholders. Nationwide mailed notices to all affected individuals last Friday. Insurance Commissioner Ralph Hudgens issued the following statement Monday concerning the unauthorized access of Nationwide Insurance's website. Spokeswoman Elizabeth Giannetti confirmed a statement by the California Department of Insurance earlier in the day which said "names, social security numbers, and other identifying information" of one million policyholders and non-policy holders were exposed. No credit card details were revealed. About 30,000 people in Georgia were affected, as well as more than 12,000 in South Carolina. Are you affected? Call Nationwide at 800-760-1125. Affected members and applicants are offered free credit monitoring and identity theft protection services from Equifax for at least one year