Data Loss Database Blog

SQL Injection Leads To BigMoneyJobs.com Leak

2014-04-03 by lee_j

Earlier today, a hacker identified as ProbablyOnion2 (who recently breached boxee.tv) posted data from a large job seeker website, resulting in over 36,000 accounts being published online.

We have created a DataLossDB incident (http://www.datalossdb.org/incidents/12220) and you can read the full details in the Risk Based Security post (https://www.riskbasedsecurity.com/2014/04/sql-injection-leads-to-bigmoneyjobs-com-leak/).


Potential 7 Million Credit Card Details Leaked

2014-03-24 by lee_j

UPDATE: Based on further analysis along with discussions with journalists, it appears that this credit card dump contains valid, but older card data that had been previously disclosed. To date, there is no solid evidence this represents a new breach.

The last couple of weeks have seen tensions rising between Russia and Ukraine, and along with it an increase in computer crime.

Sometime earlier this morning, a post allegedly by Anonymous Ukraine has claimed to have published “more than 800 mi...


Over 822 Million Records Exposed In 2013

2014-02-20 by jkouns

The Data Breach QuickView report was just released and is made possible through the partnership and combined resources of Risk Based Security and the Open Security Foundation. It is designed to provide an executive level summary of the key findings from RBS’ analysis of 2013’s data breach incidents. You can view the announcement and report here: https://www.riskbasedsecurity.com/2014/02/2013-data-breach-quickview/


Forbes Data Breach Impacts Over 1 Million Accounts

2014-02-15 by lee_j

Today the Syrian Electronic Army, via their Twitter account @Official_SEA16 (https://twitter.com/Official_SEA16), announced that they have leaked the Forbes WordPress user database (http://www.datalossdb.org/incidents/11639-1-056-986-names-email-addresses-usernames-and-passwords-stolen-by-the-syrian-electronic-army) not long after it was announced that they had managed to hack their website (http://news.softpedia.com/news/Forbes-Hacked-by-Syrian-Electronic-Army-426797.shtml).

Eduard Kovacs from Softpedia (http://news.softpedia.com/news/Syrian-Electronic-Army-Leaks-Details-of-over-16-000-Forbes-Readers-427024.shtml) has stated that the leak has been uploaded to an IP address (91.227.222.39) which was also used last year in a defacement on http://marines.com/ (http://news.softpedia.com/news/Syrian-Electronic-Army-Defaces-US-Marine-Corps-Website-to-Send-Them-a-Message-379692.shtml) as well.

This breach is quite substantial and includes 1,056,986 unique email addresses and account...


Data, data everywhere! Where it comes from, nobody really knows?

2013-12-16 by lee_j

While there are still a few weeks left in 2013, it has already been the most severe in terms of data breaches in the last 10 years with over 705 million records lost (https://www.cyberriskanalytics.com/). In addition, 4 of the top 10 data breaches of all time happened in 2013, with the top spot now belonging to Adobe (http://www.datalossdb.org/incidents/10609), at least for the moment.

The Adobe breach was discovered and brought to light by Brian Krebs (http://krebsonsecurity.com) and information security researcher Alex Holden (http://www.holdsecurity.com/) back in October (http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/). Brian Krebs is an Advisor to Alex Holden’s company (http://www.holdsecurity.com/#!advisory-board/c393/)....


Looking Through the Cloudy PRISM

2013-06-11 by eabsetz

As you have no doubt heard, a lot of fuss has been made over the past couple of days involving the NSA, Verizon, and Facebook, as well as several other companies and governments. Here, we want to provide a concise overview of the information available at this point, along with some links to additional reading about the program that is known as “PRISM”.

On June 6, 2013, the Guardian published an article (http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data) that suggested a classified order was issued on April 25, 2013 that allowed the United Stat...


Nothing is certain but death, taxes and identity theft.

2013-03-12 by eabsetz

As we are well into tax season, there has been a trend of articles in the news involving identity theft and tax fraud. Individuals are stealing information from various sources, not only from businesses but also straight out of mailboxes, in order to commit identity theft and file false tax returns. Some of these criminals have been reported to net as much as $11 million with their schemes before being caught. 641,690 incidents had been identified by the IRS as of September 30, 2012.

Ea...


Knock, knock. Who's there? No one.

2013-02-22 by Dissent

As we mentioned in our last post, trying to contact and confirm organizations that have reportedly been breached can be time-consuming and frustrating. When that organization is a hospital and we cannot reach anyone or get a response, it's especially concerning.

Yesterday, I tried to contact [Redacted] Hospital. I went to their site for contact info, but they had no phone directory or email directory by department or office. So I called their main number and asked for IT. I was sent to voic...


Fool us once, shame on you. Fool us twice, we implement policies!

2012-12-26 by Dissent

It had all the makings of a sexy data breach story. An individual with the Twitter nick of @TibitXimer claimed to have exploited a vulnerability on Verizon’s server and dumped about 300,000 records out of an estimated 3,000,000 customer records allegedly acquired.

ZDNet trumpeted the headline, “Exclusive: Hacker nabs 3m Verizon customer records.” (http://www.zdnet.com/hacker-verizon-duel-over-customer-record-claims-7000009151/) They reported:

"A hacker has posted around 300,000 database entries of Verizon customers to the Web, after exploiting a vulnerability in the ce...


Is A Data Breach A Life Or Death Situation?

2012-12-13 by eabsetz

Most people would agree that security is important; however, many would have a hard time saying that a data breach could be a life or death situation. Sadly, in the past few weeks there have been two cases that may qualify for that characterization in the news.

The first case is the data breach at King Edward VII Hospital on December 4, 2012 (http://datalossdb.org/incidents/8465). Two Australian radio show hosts prank called the hospital in a joking attempt to get information on the condition of the Duchess of Cambridge. To thei...



Use of the DataLossDB, and its exports, RSS feeds, reports, or other materials produced on this site by the Open Security Foundation requires authorization and potential licensing arrangements. For more information, please e-mail [email protected] with a brief summary of how you would like to use this information; product, service, research, etc.
© 2005 - 2014, Open Security Foundation, All Rights Reserved.