| Risiko / Label | Veröffentlichung | |
|---|---|---|
| Risiko ? / 10 CVE-2023-46304 | vor 5 Stunde(n) | |
| modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load). | ||
| Risiko ? / 10 CVE-2024-2377 | vor 5 Stunde(n) | |
| A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information. | ||
| Risiko ? / 10 CVE-2024-2378 | vor 5 Stunde(n) | |
| A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on af-fected installations. | ||
| Risiko ? / 10 CVE-2024-2617 | vor 5 Stunde(n) | |
| A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned firmware. | ||
| Risiko ? / 10 CVE-2023-40548 | vor 5 Stunde(n) | |
| A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase. | ||
| Risiko ? / 10 CVE-2024-4336 | vor 5 Stunde(n) | |
| Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/tables/add, in multiple parameters. An attacker could retrieve the session details of an authenticated user. | ||
| Risiko ? / 10 CVE-2024-4337 | vor 5 Stunde(n) | |
| Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user. | ||
| Risiko ? / 10 CVE-2024-22405 | vor 5 Stunde(n) | |
| XADMaster is an objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive XADMaster may not apply quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations are affected. This issue was fixed in XADMaster 1.10.8. It is recommended to upgrade to the latest version. There are no known workarounds for this issue. | ||
| Risiko ? / 10 CVE-2024-31837 | vor 5 Stunde(n) | |
| DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string vulnerability, with a threat model similar to CVE-2017-7938. | ||
| Risiko ? / 10 CVE-2024-4225 | vor 5 Stunde(n) | |
| Multiple security vulnerabilities has been discovered in web interface of NetGuardian DIN Remote Telemetry Unit (RTU), by DPS Telecom. Attackers can exploit those security vulnerabilities to perform critical actions such as escalate user's privilege, steal user's credential, Cross Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). | ||
| Risiko ? / 10 CVE-2024-1895 | vor 5 Stunde(n) | |
| The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | ||
| Risiko ? / 10 CVE-2024-2663 | vor 5 Stunde(n) | |
| The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.6 via the $_GET['image'] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||
| Risiko ? / 10 CVE-2024-3072 | vor 5 Stunde(n) | |
| The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary post title, content, and ACF data. | ||
| Risiko ? / 10 CVE-2024-4185 | vor 5 Stunde(n) | |
| The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verification and Authentication Bypass in all versions up to, and including, 2.7.4 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification, and if both the "Login the user automatically after the account is verified" and "Verify account for current users" options are checked, then it potentially makes it possible for attackers to bypass authentication for other users. | ||
| Risiko ? / 10 CVE-2024-34050 | vor 5 Stunde(n) | |
| Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go. | ||
| Risiko ? / 10 CVE-2024-0216 | vor 5 Stunde(n) | |
| The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||
| Risiko ? / 10 CVE-2024-4226 | vor 5 Stunde(n) | |
| It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed. | ||
| Risiko ? / 10 CVE-2024-1371 | vor 5 Stunde(n) | |
| The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts. | ||
| Risiko ? / 10 CVE-2024-34045 | vor 5 Stunde(n) | |
| The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment(). | ||
| Risiko ? / 10 CVE-2023-52724 | vor 5 Stunde(n) | |
| Open Networking Foundation SD-RAN onos-kpimon 0.4.7 allows out-of-bounds array access in the processIndicationFormat1 function. | ||
| Risiko ? / 10 CVE-2023-52726 | vor 5 Stunde(n) | |
| Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 allows infinite repetition of the processing of an error (in the Subscribe function implementation for the subscribed indication stream). | ||
| Risiko ? / 10 CVE-2023-52725 | vor 5 Stunde(n) | |
| Open Networking Foundation SD-RAN ONOS onos-kpimon 0.4.7 allows blocking of the errCh channel within the Start function of the monitoring package. | ||
| Risiko ? / 10 CVE-2023-52727 | vor 5 Stunde(n) | |
| Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in parseAlignBits. | ||
| Risiko ? / 10 CVE-2023-52728 | vor 5 Stunde(n) | |
| Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString. | ||
| Risiko ? / 10 CVE-2024-34043 | vor 5 Stunde(n) | |
| O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message. | ||
| Risiko ? / 10 CVE-2024-34044 | vor 5 Stunde(n) | |
| The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because peerInfo can be NULL. | ||
| Risiko ? / 10 CVE-2024-34046 | vor 5 Stunde(n) | |
| The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->sctpParams->e2tCounters[IN_SUCC][MSG_COUNTER][ProcedureCode_id_RICsubscription]->Increment(). | ||
| Risiko ? / 10 CVE-2024-34047 | vor 5 Stunde(n) | |
| O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler. | ||
| Risiko ? / 10 CVE-2024-34048 | vor 5 Stunde(n) | |
| O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. | ||
| Risiko ? / 10 CVE-2024-34049 | vor 5 Stunde(n) | |
| Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return plmnIdString[0:3], plmnIdString[3:]" in reader.go. | ||
| 24.04.2024 - Piping Rock | 2.103.100 Datensätze geleaked | |
| Email addresses, Names, Phone numbers, Physical addresses In April 2024, 2.1M email addresses from the online health products store Piping Rock were publicly posted to a popular hacking forum. The data also included names, phone numbers and physical addresses. The account posting the data had previously posted multiple other data breaches which all appear to have been obtained from the Shopify service used by the respective websites. |
||
| 17.04.2024 - T2 | 94.584 Datensätze geleaked | |
| Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases, Salutations In April 2024, 95k records from the T2 tea store were posted to a popular hacking forum. Data included email and physical addresses, names, phone numbers, dates of birth, purchases and passwords stored as scrypt hashes. |
||
| 13.04.2024 - Le Slip Français | 1.495.127 Datensätze geleaked | |
| Email addresses, Names, Phone numbers, Physical addresses In April 2024, the French underwear maker Le Slip Français suffered a data breach. The breach included 1.5M email addresses, physical addresses, names and phone numbers. |
||
| 02.04.2024 - Salvadoran Citizens | 946.989 Datensätze geleaked | |
| Dates of birth, Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses, Profile photos In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos were also included in the breach. |
||
| 31.03.2024 - Pandabuy | 1.348.407 Datensätze geleaked | |
| Email addresses, IP addresses, Names, Phone numbers, Physical addresses In March 2024, 1.3M unique email addresses from the online store for purchasing goods from China, Pandabuy, were posted to a popular hacking forum. The data also included IP and physical addresses, names, phone numbers and order enquiries. The breach was alleged to be attributed to "Sanggiero" and "IntelBroker". |
||
| 25.03.2024 - boAt | 7.528.985 Datensätze geleaked | |
| Email addresses, Names, Phone numbers, Physical addresses In March 2024, the Indian audio and wearables brand boAt suffered a data breach that exposed 7.5M customer records. The data included physical and email address, names and phone numbers, all of which were subsequently published to a popular clear web hacking forum. |
||
| 24.03.2024 - Kaspersky Club | 55.971 Datensätze geleaked | |
| Email addresses, IP addresses, Passwords, Usernames In March 2024, the independent fan forum Kaspersky Club suffered a data breach. The incident exposed 56k unique email addresses alongside usernames, IP addresses and passwords stored as either MD5 or bcrypt hashes. |
||
| 23.03.2024 - England Cricket | 43.299 Datensätze geleaked | |
| Email addresses, Passwords In March 2024, English Cricket's icoachcricket website suffered a data breach that exposed over 40k records. The data included email addresses and passwords stored as either bcrypt hashes, salted MD5 hashes or both. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker". |
||
| 04.03.2024 - Giant Tiger | 2.842.669 Datensätze geleaked | |
| Email addresses, Names, Phone numbers, Physical addresses In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records. Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers. |
||
| 03.03.2024 - WoTLabs | 21.994 Datensätze geleaked | |
| Dates of birth, Email addresses, IP addresses, Time zones, Usernames In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of birth and time zones. |
||
| 01.03.2024 - Mr. Green Gaming | 27.123 Datensätze geleaked | |
| Dates of birth, Email addresses, Geographic locations, IP addresses, Usernames In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth. |
||
| 26.02.2024 - Cutout.Pro | 19.972.829 Datensätze geleaked | |
| Email addresses, IP addresses, Names, Passwords In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum and Telegram channels. |
||
| 18.02.2024 - Tangerine | 243.462 Datensätze geleaked | |
| Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth. Whilst the Tangerine login process involves sending a one-time password after entering an email address and phone number, it previously used a traditional password which was also exposed as a bcrypt hash. |
||
| 01.02.2024 - SurveyLama | 4.426.879 Datensätze geleaked | |
| Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses In February 2024, the paid survey website SurveyLama suffered a data breach that exposed 4.4M customer email addresses. The incident also exposed names, physical and IP addresses, phone numbers, dates of birth and passwords stored as either salted SHA-1, bcrypt or argon2 hashes. When contacted about the incident, SurveyLama advised that they had already "notified the users by email". |
||
| 31.01.2024 - Spoutible | 207.114 Datensätze geleaked | |
| Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Usernames In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes. The incident also exposed 2FA secrets and backup codes along with password reset tokens. |
||
| 16.01.2024 - Trello | 15.111.945 Datensätze geleaked | |
| Email addresses, Names, Usernames In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello advised that no unauthorised access had occurred. |
||
| 17.12.2023 - Hathway | 4.670.080 Datensätze geleaked | |
| Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations, Support tickets In December 2023, hundreds of gigabytes of data allegedly taken from Indian ISP and digital TV provider Hathway appeared on a popular hacking website. The incident exposed extensive personal information including 4.7M unique email addresses along with names, physical and IP addresses, phone numbers, password hashes and support ticket logs. |
||
| 12.12.2023 - InflateVids | 13.405 Datensätze geleaked | |
| Email addresses, Genders, IP addresses, Passwords, Usernames In December 2023, the inflatable and balloon fetish videos website InflateVids suffered a data breach. The incident exposed over 13k unique email addresses alongside usernames, IP addresses, genders and SHA-1 password hashes. |
||
| 14.11.2023 - KitchenPal | 98.726 Datensätze geleaked | |
| Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Physical attributes, Social media profiles In November 2023, the kitchen management application KitchenPal suffered a data breach that exposed 146k lines of data. When contacted about the incident, KitchenPal advised the corpus of data came from a staging environment, although acknowledged it contained a small number of users for debugging purposes and included passwords that could not be used. Impacted data included almost 100k email addresses, names, geolocations and incomplete data on dates of birth, genders, height and weight, social media profile identifiers and bcrypt password hashes. |
||
| 08.11.2023 - Chess | 827.620 Datensätze geleaked | |
| Email addresses, Geographic locations, Names, Usernames In November 2023, over 800k user records were scraped from the Chess website and posted to a popular hacking forum. The data included email address, name, username and the geographic location of the user. |
||
| 04.11.2023 - LinkedIn Scraped and Faked Data (2023) | 19.788.753 Datensätze geleaked | |
| Email addresses, Genders, Geographic locations, Job titles, Names, Professional skills, Social media profiles In November 2023, a post to a popular hacking forum alleged that millions of LinkedIn records had been scraped and leaked. On investigation, the data turned out to be a combination of legitimate data scraped from LinkedIn and email addresses constructed from impacted individuals' names. |
||
| 18.10.2023 - Toumei | 76.682 Datensätze geleaked | |
| Email addresses, Names, Phone numbers, Physical addresses In October 2023, the Japanese consultancy firm Toumei suffered a data breach. The breach exposed over 100M lines and 10GB of data including 77k unique email addresses along with names, phone numbers and physical addresses. |
||
| 01.10.2023 - Facebook Marketplace | 77.267 Datensätze geleaked | |
| Email addresses, Geographic locations, Names, Passwords, Phone numbers, Social media profiles In February 2024, 200k Facebook Marketplace records allegedly obtained from a Meta contractor in October 2023 were posted to a popular hacking forum. The data contained 77k unique email addresses alongside names, phone numbers, Facebook profile IDs and geographic locations. The data also contained bcrypt password hashes, although there is no indication these belong to the corresponding Facebook accounts. |
||
| 20.09.2023 - Naz.API | 70.840.771 Datensätze geleaked | |
| Email addresses, Passwords In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs obtained from unnamed sources. In total, the corpus of data included 71M unique email addresses and 100M unique passwords. |
||
| 09.09.2023 - Sphero | 832.255 Datensätze geleaked | |
| Dates of birth, Email addresses, Geographic locations, Names, Usernames In September 2023, over 1M rows of data from the educational robots company Sphero was posted to a popular hacking forum. The data contained 832k unique email addresses alongside names, usernames, dates of birth and geographic locations. |
||
| 29.08.2023 - Qakbot | 6.431.319 Datensätze geleaked | |
| Email addresses, Passwords In August 2023, the US Justice Department announced a multinational operation involving actions in the United States, France, Germany, the Netherlands, and the United Kingdom to disrupt the botnet and malware known as Qakbot and take down its infrastructure. After the takedown, 6.43M email addresses were provided to HIBP to help notify victims of the malware. |
||
| 09.08.2023 - PlayCyberGames | 3.681.753 Datensätze geleaked | |
| Email addresses, Passwords, Usernames In August 2023, PlayCyberGames which "allows users to play any games with LAN function or games using IP address" suffered a data breach which exposed 3.7M customer records. The data included email addresses, usernames and MD5 password hashes with a constant value in the "salt" field. PlayCyberGames did not respond to multiple attempts to disclose the breach. |
||
| 02.08.2023 - MagicDuel | 138.443 Datensätze geleaked | |
| Email addresses, IP addresses, Nicknames, Passwords In August 2023, the MagicDuel Adventure website suffered a data breach that exposed 138k user records. The data included player names, email and IP addresses and bcrypt password hashes. |
||
| 16.07.2023 - Manipulated Caiman | 39.901.389 Datensätze geleaked | |
| Email addresses In July 2023, Perception Point reported on a phishing operation dubbed "Manipulated Caiman". Targeting primarily the citizens of Mexico, the campaign attempted to gain access to victims' bank accounts via spear phishing attacks using malicious attachments. Researchers obtained almost 40M email addresses targeted in the campaign and provided the data to HIBP to alert potential victims. |
||
| 09.07.2023 - Rightbiz | 65.376 Datensätze geleaked | |
| Email addresses, Names, Phone numbers, Physical addresses In June 2023, data belonging to the "UK's No.1 Business Marketplace" Rightbiz appeared on a popular hacking forum. Comprising of more than 18M rows of data, the breach included 65k unique email addresses along with names, phone numbers and physical address. Rightbiz didn't respond to mulitple attempts to disclose the incident. The data was provided to HIBP by a source who requested it be attributed to "https://discord.gg/gN9C9em". |
||
| 20.06.2023 - Dymocks | 836.120 Datensätze geleaked | |
| Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses In September 2023, the Australian book retailer Dymocks announced a data breach. The data dated back to June 2023 and contained 1.2M records with 836k unique email addresses. The breach also exposed names, dates of birth, genders, phone numbers and physical addresses. |
||
| 17.06.2023 - BreachForums Clone | 4.204 Datensätze geleaked | |
| Email addresses, IP addresses, Passwords, Usernames In June 2023, a clone of the previously shuttered popular hacking forum "BreachForums" suffered a data breach that exposed over 4k records. The breach was due to an exposed backup of the MyBB database which included email and IP addresses, usernames and Argon2 password hashes. |
||
| 31.05.2023 - JD Group | 521.878 Datensätze geleaked | |
| Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses In May 2023, the South African retailer JD Group announced a data breach affecting a number of their online assets including Bradlows, Everyshop, HiFi Corp, Incredible (Connection), Rochester, Russells, and Sleepmasters. The breach exposed over 520k unique customer records including names, email and physical addresses, phone numbers and South African ID numbers. |
||
| 29.05.2023 - Polish Credentials | 1.204.870 Datensätze geleaked | |
| Email addresses, Passwords In May 2023, a credential stuffing list of 6.3M Polish email address and password pairs appeared on a local forum. Likely obtained by malware running on victims' machines, each record included an email address and plain text password alongside the website the credentials were used on. The data included 1.2M unique email addresses. |
||
| 15.04.2023 - Jobzone | 29.708 Datensätze geleaked | |
| Dates of birth, Email addresses, Family members' names, Genders, Government issued IDs, Names, Phone numbers, Physical addresses In April 2023, data from the Israeli jobs website Jobzone was posted online. The data included 30k records of email addresses, names, social security numbers, genders, dates of birth, fathers' names and physical addresses. |
||
| 15.04.2023 - RentoMojo | 2.185.697 Datensätze geleaked | |
| Dates of birth, Email addresses, Genders, Government issued IDs, Names, Passport numbers, Passwords, Phone numbers, Purchases, Social media profiles In April 2023, the Indian rental service RentoMojo suffered a data breach. The breach exposed over 2M unique email addresses along with names, phone, passport and Aadhaar numbers, genders, dates of birth, purchases and bcrypt password hashes. |
||
| 05.04.2023 - Genesis Market | 8.000.000 Datensätze geleaked | |
| Browser user agent details, Credit card CVV, Credit cards, Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames In April 2023, the stolen identity marketplace Genesis Market was shut down by the FBI and a coalition of law enforcement agencies across the globe in "Operation Cookie Monster". The service traded in "browser fingerprints" which enabled criminals to impersonate victims and access their online services. As many of the impacted accounts did not include email addresses, "8M" is merely an approximation intended to indicate scale. Other personal data compromised by the service included names, addresses and credit card information, although not all individuals had each of these fields exposed. |
||
| 31.03.2023 - Tigo | 700.394 Datensätze geleaked | |
| Device information, Email addresses, Genders, Geographic locations, IP addresses, Names, Private messages, Profile photos, Usernames In Mid-2023, 300GB of data containing over 100M records from the Chinese video chat platform "Tigo" dating back to March that year was discovered. The data contained over 700k unique names, usernames, email and IP addresses, genders, profile photos and private messages. Tigo did not respond to multiple attempts to disclose the incident. |
||
| 15.03.2023 - MediaWorks | 162.710 Datensätze geleaked | |
| Dates of birth, Email addresses, Genders, Phone numbers, Physical addresses In March 2024, millions of rows of data from the New Zealand media company MediaWorks was publicly posted to a popular hacking forum. The incident exposed 163k unique email addresses provided by visitors who filled out online competitions and included names, physical addresses, phone numbers, dates of birth, genders and the responses to questions in the competition. Some victims of the breach subsequently received ransom demands requesting payment to have their data deleted. |
||
| 06.03.2023 - DC Health Link | 48.145 Datensätze geleaked | |
| Citizenship statuses, Dates of birth, Email addresses, Employers, Ethnicities, Genders, Names, Phone numbers, Physical addresses, Purchases, Social security numbers In March 2023, DC Health Link discovered a data breach that was later publicly posted to a popular data breach forum. The impacted data included 48k unique email addresses alongside names, genders, dates of birth, home addresses, phone numbers and social security numbers. The data was provided to HIBP by a source who requested it be attributed to "Aegis" and "IntelBroker". |
||