Major Data Breaches in 2017

2017 has been another year of data breaches. Breach Level Index reports 5,034,800 records lost or stolen every day. There were 3,833 breaches reported through the end of September 2017, exposing over 7 billion records. Compared to the same period in 2016, the number of reported breaches is up 18.2%. The full scope of a breach may never be known, so there can be no definitive list of the “biggest” breaches. But we can list the major breaches by considering their impact: the breadth of industries affected, the high profile of the victims, and the types and threat vectors involved.

Victory Phones

The automated telephony services company Victory Phones left a MongoDB database publicly exposed without a password. In January 2017, 213GB of data was downloaded by an unauthorized party, including names, addresses, phone numbers and over 166k unique email addresses.

Compromised data: Dates of birth, Email addresses, IP addresses, Names, Phone numbers, Physical addresses

Freedom Hosting II 

The free hidden service host Freedom Hosting II suffered a data breach in January 2017. The attack took down 20% of dark websites running behind Tor hidden services, with the attacker claiming that more than 50% of the content on the 10,613 impacted sites was child pornography. The hack exposed MySQL databases for the sites, which included a vast amount of information on the hidden services Freedom Hosting II was managing.

Compromised data: Email addresses, Passwords, Usernames

Little Monsters

Lady Gaga’s fan site, known as “Little Monsters”, suffered a data breach in January 2017 that impacted approximately 1 million accounts. The data contained usernames, email addresses, dates of birth and bcrypt hashes of passwords.

Compromised data: Dates of birth, Email addresses, Passwords, Usernames

River City Media Spam List

A massive trove of data from River City Media was found exposed online in January 2017. It contained almost 1.4 billion records including email and IP addresses, names and physical addresses, all of which was used as part of an enormous spam operation. There were 393 million unique email addresses within the exposed data.

Compromised data: Email addresses, IP addresses, Names, Physical addresses

Coachella

Hundreds of thousands of records from the Coachella music festival were discovered being sold online in February 2017. The data was taken from a combination of the main Coachella website and their vBulletin-based message board. The data included almost 600k usernames, IP and email addresses and salted hashes of passwords (MD5 in the case of the message board).

Compromised data: Email addresses, IP addresses, Passwords, Usernames

PoliceOne

The law enforcement website PoliceOne confirmed they’d suffered a data breach in February 2017. Over 700k accounts appeared for sale by a data broker. Email and IP addresses, usernames and salted MD5 password hashes were included. The original breach dated back to July 2014.

Compromised data: Email addresses, IP addresses, Passwords, Usernames

Retina-X

The mobile device monitoring software developer Retina-X was hacked in February 2017, and customer data was downloaded before being wiped from their servers. The service, used to monitor mobile devices, had 71k email addresses exposed. Retina-X disclosed the incident in a blog post on April 27, 2017.

Compromised data: Email addresses, Passwords

R2 Games

The forum for the gaming website R2 Games was hacked in early 2017. R2 had previously been compromised in 2015 as well. This one exposed over 1 million unique user accounts and MD5 password hashes with no salt.

Compromised data: Email addresses, Passwords, Usernames, Website activity

Bolt

The file-sharing website Bolt suffered a data breach in March 2017, resulting in the exposure of approximately 995k unique user records. The data was leaked from their vBulletin forum and contained email and IP addresses, usernames and salted MD5 password hashes. Bolt was previously reported as compromised on the Vigilante.pw breached database directory.

Compromised data: Email addresses, IP addresses, Passwords, Usernames

Edmodo

The education platform Edmodo was hacked and exposed 77 million records consisting of over 43 million unique customer email addresses in March 2017. The data was consequently published to a popular hacking forum and made freely available to the public. It included usernames, email addresses and bcrypt hashes of passwords.

Compromised data: Email addresses, Passwords, Usernames

Health Now Networks

The telemarketing service Health Now Networks left a database containing hundreds of thousands of medical records exposed in March 2017. It included over 900,000 records in total, containing personal information such as names, dates of birth, various medical conditions and operator notes on the individuals’ health. In addition, over 320k unique email addresses were exposed.

Compromised data: Dates of birth, Email addresses, Genders, Health insurance information, IP addresses, Names, Personal health data, Phone numbers, Physical addresses, Security questions and answers, Social connections

Master Deeds

A 27GB database backup file named “Master Deeds” leaked in March 2017. It was found to contain the personal data of tens of millions of living and deceased South African residents. The file included personal data such as names, addresses, ethnicities, genders, birth dates, government issued personal identification numbers and 2.2 million email addresses. The data was sourced from Dracore Data Sciences (Dracore is yet to publicly confirm or deny the data was sourced from their systems). The file was found to have been published to a publicly accessible web server where it was located at the root of an IP address with directory listing enabled on 18th October 2017. The file was dated 8 April 2015.

Compromised data: Dates of birth, Deceased statuses, Email addresses, Employers, Ethnicities, Genders, Government-issued IDs, Home ownership statuses, Job titles, Names, Nationalities, Phone numbers, Physical addresses

Bell (2017 breach)

The Bell telecommunications company in Canada suffered a data breach resulting in the exposure of millions of customer records in May 2017. The data was consequently leaked online with a message from the attacker stating that they were “releasing a significant portion of Bell.ca’s data due to the fact that they have failed to cooperate with us” and included a threat to leak more. The compromised data included over 2 million unique email addresses and 153k survey results from 2011 and 2012, plus 162 Bell employee records with personal data including names, phone numbers and passwords in plain text. Bell suffered another breach in 2014 which exposed 40k records.

Compromised data: Email addresses, Geographic locations, IP addresses, Job titles, Names, Passwords, Phone numbers, Spoken languages, Survey results, Usernames

Zomato

The restaurant guide website Zomato was hacked in May 2017. Almost 17 million accounts were exposed. The data was consequently redistributed online. It contained email addresses, usernames and salted MD5 hashes of passwords. The password hash was not present on all accounts.

Compromised data: Email addresses, Passwords, Usernames

MALL.cz

The Czech Republic e-commerce site MALL.cz suffered a data breach in July 2017. 735k unique accounts including email addresses, names, phone numbers, and passwords were later posted online. Although the passwords were stored as hashes, a number of different algorithms of varying strength were used over time. All passwords included in the publicly distributed data were in plain text. The members with strong passwords did not appear in the list. MALL.cz said the breach only impacted accounts created before 2015.

Compromised data: Email addresses, Names, Passwords, Phone numbers

B2B USA Businesses

A spam list of over 105 million individuals in corporate America was discovered online in mid-2017. Referred to as “B2B USA Businesses”, the list categorized email addresses by employer name, providing information on individuals’ job titles with their work phone numbers and physical addresses.

Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses

Onliner Spambot

A spambot by the name of Onliner Spambot was identified by security researcher Benkow moʞuƎq in August 2017. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. There were 711 million unique email addresses, many of which were also accompanied by corresponding passwords.

Compromised data: Email addresses, Passwords

Equifax

Credit reporting agency Equifax exposed Social Security and driver’s license numbers of as many as 143 million consumers. Hackers exploited a weakness in the website software to linger in the system for months.

Compromised data: Social Security and driver’s license numbers

JobStreet

The Malaysian website lowyat.net ran a story on a massive set of breached data affecting millions of Malaysians after someone posted it for sale on their forums in October 2017. The data spanned multiple separate breaches including the JobStreet jobs website which contained almost 4 million unique email addresses. The data breach took place in March 2012 and the data later appeared freely downloadable on a Tor hidden service. It contained information on job seekers including names, genders, birth dates, phone numbers, physical addresses, and passwords.

Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Government issued IDs, Marital statuses, Names, Nationalities, Passwords, Phone numbers, Physical addresses, Usernames

We Heart It

The image-based social network We Heart It suffered a data breach in November 2013. The incident wasn’t discovered until October 2017 when 8.6 million user records were released. The data contained usernames, email addresses, and password hashes. About 80% of passwords were salted SHA-256 with the remainder being MD5 with no salt.

Compromised data: Email addresses, Passwords, Usernames

Imgur

The online image sharing community imgur suffered a data breach in September 2013. A selection of the data containing 1.7 million email addresses and passwords was exposed more than 4 years later in November 2017. Although imgur stored passwords as SHA-256 hashes, the data in the breach contained plain text passwords. Many of the original hashes had been cracked. imgur advises that they rolled over to bcrypt hashes in 2016.

Compromised data: Email addresses, Passwords

Ancestry

An Ancestry service known as RootsWeb suffered a data breach in November 2015. It was not discovered until late 2017 when a file containing almost 300k email addresses and plain text passwords was identified.

Compromised data: Email addresses, Passwords

Uber

Uber got breached in late 2016 but didn’t disclose the information until November 2017. Hackers got the names and driver’s license numbers of around 600,000 drivers and personal information of 57 million Uber users.

Compromised data: Names and driver’s license numbers, Personal information of Uber users

ai.type

Researchers at The Kromtech Security Center discovered that the virtual keyboard application ai.type had left 577GB of data publicly exposed in an unsecured MongoDB instance in December 2017. The data set included personal information including 20 million unique email addresses and social media profiles. The email addresses alone were provided to HIBP to enable impacted users to assess their exposure.

Compromised data: Address book contacts, Apps installed on devices, Cellular network names, Dates of birth, Device information, Email addresses, Genders, Geographic locations, IMEI numbers, IMSI numbers, IP addresses, Names, Phone numbers, Profile photos, Social media profiles

dvd-shop.ch

The online Swiss DVD store known as dvd-shop.ch suffered a data breach in December 2017. It exposed 68k email addresses and plain text passwords. The attackers had updated the site to indicate that it is currently closed.

Compromised data: Email addresses, Passwords

Netshoes

The online Brazilian retailer known as Netshoes had half a million records compromised from their system posted publicly in December 2017. Brazilian media outlet Tecmundo said the company had no indications that they had been compromised. However, Netshoes’ own systems successfully confirm the presence of matching identifiers and email addresses from the data set, indicating a high likelihood that the data originated from the company.

Compromised data: Dates of birth, Email addresses, Names, Purchases

Sources:

http://breachlevelindex.com/

https://pages.riskbasedsecurity.com/hubfs/Reports

https://www.scmagazine.com/

https://nakedsecurity.sophos.com

https://haveibeenpwned.com/PwnedWebsites

http://techgenix.com

https://motherboard.vice.com/en_us/article/53vm7n/inside-stalkerware-surveillance-market-flexispy-retina-x

https://www.securitymagazine.com
