ABCDEFGHIJKLMNOPQRS
1
WHID IDEntry TitleIncident DescriptionReferenceDate OccurredAttack MethodApplication WeaknessOutcomeAttacked Entity FieldAttacked Entity GeographyMass AttackMass Attack NameNumber of Sites AffectedAttack Source GeographyAttacked System TechnologyCostItems LeakedNumber of RecordsAdditional Link
2
2024-033WHID 2024-033: Zee Media website hacked, accused of making ‘fun of the situation’ in BangladeshZee Media Corporation Limited website has been hacked. Bangladeshi hackers group “SYSTEMADMINBD” is behind the cyber hack which accuses the publication of mocking the situation in Bangladesh.https://www.msn.com/en-in/news/world/zee-media-website-hacked-accused-of-making-fun-of-the-situation-in-bangladesh/ar-AA1pdAqp?ocid=BingNewsVerp 8/21/2024UnknownUnknownDefacementMediaSYSTEMADMINBD
3
2024-032WHID 2024-032: DeFi exchange dYdX v3 website hacked in DNS hijack attackDecentralized finance (DeFi) crypto exchange dYdX announced on Tuesday that the website for its older v3 trading platform has been compromised.https://www.bleepingcomputer.com/news/security/defi-exchange-dydx-v3-website-hacked-in-dns-hijack-attack/? 7/23/2024DNS HijackingInsufficient AuthenticationDowntimeFinance
4
2024-031WHID 2024-031: Bangladesh Chhatra League website hacked amid nationwide unrestBangladesh Chhatra League’s official website (https://bsl.org.bd/) has been hacked amid nationwide protests by students and job seekers calling for reforms to the quota system for government jobs.https://bdnews24.com/bangladesh/46a284fbc631 7/18/2024UnknownUnknownDefacementPolitics
5
2024-030WHID 2024-030: Russian hackers claim Times of Malta website attack, threaten othersA short time later, Times of Malta's website was overwhelmed by connection requests, forcing it offline.

The attack, known as a Distributed Denial of Service, or DDoS, overloaded Times of Malta servers and breached existing protections in place, causing the website to go offline for most readers for around 45 minutes at its peak, after the Telegram group was instructed to "attack". It continued until 10am on Tuesday.
https://timesofmalta.com/articles/view/russian-hackers-claim-times-malta-website-attack-threaten-others.10825442/8/2024Denial of ServiceInsufficient Anti-Automation DowntimeMedia
6
2024-029WHID 2024-029: Chinese hackers breached Dutch Ministry of DefenseChinese state-sponsored hackers have breached the Dutch Ministry of Defense (MOD) last year and deployed a new remote access trojan (RAT) malware to serve as a backdoor.https://www.helpnetsecurity.com/2024/02/07/chinese-hackers-dutch-mod/2/7/2024Remote Code Execution Improper Input ValidationPlanting of malwareGovernment
7
2024-028WHID 2025-028: Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers.https://www.helpnetsecurity.com/2024/02/07/cve-2024-21893-exploited/2/7/2024Server Side Request ForgeryImproper Input Validation Webshells Multiple
8
2024-027WHID 2024-027: Cloudflare Hacked After State Actor Leverages Okta BreachCloudFlare Servers Were Hacked on Thanksgiving Day Using Auth Tokens Stolen in Okta Breach.https://www.hackread.com/cloudflare-hacked-state-actor-okta-breach/2/2/2024Session HijackingInsufficient AuthenticationAccount takeoverTechnology
9
2024-026WHID 2024-026: Cyberattack hits Georgia county where Trump is chargedAn unexpected outage has downed the county’s phone systems and brought certain online transactions to a halt, including those filing property tax, firearms and marriage licenseshttps://theedgemalaysia.com/node/6990401/30/2024Denial of ServiceInsufficient Anti-Automation DowntimeGovernment
10
2024-025WHID 2024-025: Manta Network Faces DDoS Attack Shortly After Token Issuance
The network fell victim to a Distributed Denial of Service (DDoS) attack, resulting in prolonged withdrawal times and sluggish network performance. Despite this disruption, Manta’s developers have assured users that their funds remain secure, and efforts are underway to resolve the situation.https://www.cryptopolitan.com/manta-network-faces-ddos-attack-shortly/ 1/19/2024Denial of ServiceInsufficient Anti-Automation DowntimeFinance
11
2024-024WHID 2024-024: Swiss websites hit by DDoS attacks during World Economic Forum in DavosSwiss websites were hit by a wave of distributed denial-of-service (DDoS) attacks this week, likely orchestrated by pro-Russian hackers.https://therecord.media/swiss-websites-targeted-ddos-attacks-davos1/18/2024Denial of ServiceInsufficient Anti-Automation Downtime Government
12
2024-023WHID 2024-023: Ukrainian arrested for infecting US cloud provider with cryptomining malwareStarting in 2021, the suspect infected the servers of “one of the world's largest e-commerce companies” by hacking 1,500 accounts of a subsidiary, the police said. The attacker used self-developed software for an automatic password-testing method known as a brute force attack.https://therecord.media/ukraine-arrests-suspect-cryptojacking-cloud-resources1/15/2024Brute ForceInsufficient Anti-AutomationAccount takeoverTechnology
13
2024-022WHID 2024-022: NoName Targets Multiple Websites in Lithuania, Blames it for Aiding UkraineSeveral prominent organizations in Lithuania, including Compensa Vienna Insurance Group, If Insurance, Lithuanian Roads Association, AD REM, INIT, and Balticum, have allegedly fallen victim to the NoName attack. The threat actors, identified as the NoName ransomware group, have been actively sharing posts detailing the impact of the cyberattack on Lithuania websites. https://thecyberexpress.com/cyberattack-on-lithuania-websites/1/15/2024Denial of ServiceInsufficient Anti-AutomationDowntimeHealth
14
2024-021WHID 2024-021: Over 6,700 WordPress Sites Spotted Using Plugin Infected by New Balada Injector MalwareOver 6,700 WordPress websites fell victim to a sophisticated cyber campaign deploying the notorious Balada Injector malware. https://www.techtimes.com/articles/300560/20240112/over-6-700-wordpress-sites-spotted-using-plugin-infected-new.htm1/12/2024Cross-site Scripting (XSS)Improper Output HandlingPlanting of MalwareCMS
15
2024-020WHID 2024-020: Raptor School Safety Software Breach Exposed 4 Million Records Including Highly Sensitive DataThe non-password protected documents were in three separate cloud storage buckets and totaled 4,024,001 records. Upon further research, the documents indicated the database belonged to a Texas-based school security company called Raptor Technologies. https://www.vpnmentor.com/news/report-raptortech-breach/1/11/2024Forceful BrowsingInsufficient AuthenticationData breachEducation
16
2024-019WHID 2024-019: Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days
Ivanti confirms active zero-day exploits, ships pre-patch mitigations, but says comprehensive fixes won’t be available until January 22.
https://www.securityweek.com/volexity-catches-chinese-hackers-exploiting-ivanti-vpn-zero-days/1/10/2024RCEImproper Input HandlingWebshellEducationIvanti CVEs CVE-2023-46805
CVE-2024-21887
17
2024-018WHID 2024-018: Hackers seize control of SEC’s X account to promote cryptoThe Securities and Exchange Commission said Tuesday an “unknown party” had hacked its official account on the social media platform X to promote bitcoin, the latest of multiple hacks used to push cryptocurrencies.https://www.washingtonpost.com/technology/2024/01/09/sec-hack-x-crypto/1/10/2024Brute ForceInsufficient AuthenticationAccount takeoverSocial
18
2024-017WHID 2024-017: The Iconic promises to issue refunds to hacked customersOnline retailer The Iconic has pledged to issue full refunds to customers who have been left out of pocket following a rise in hackers using stolen login details to access their accounts.

The company confirmed it had seen a spike in “credential stuffing” – a method of attack in which hackers use lists of compromised user credentials, such as email and password combinations exposed in separate data breaches, to breach other systems.
https://www.smh.com.au/business/companies/the-iconic-promises-to-issue-refunds-to-hacked-customers-20240109-p5ew1c.html1/9/2024Brute ForceInsufficient Anti-AutomationAccount takeoverRetail
19
2024-016WHID 2024-016: loanDepot Cyberattack: Critical Systems Offline as Rapid Response UnfoldsLoanDepot, a major player in the mortgage lending industry, has fallen victim to a cyber incident, marking the fourth cyberattack on a real estate industry organization in recent months.

The company issued a statement to its customers on its official website, acknowledging the cyberattack on loanDepot and revealing that specific systems have been taken offline as part of their efforts to address the situation promptly.
https://thecyberexpress.com/cyberattack-on-loandepot-system-goes-offline/1/9/2024UnknownUnknownDowntimeFinance
20
2024-015WHID 2024-015: Cyberattack Hits Maldives Government: Websites Recover Amid Diplomatic TensionsOver the weekend, the Maldives faced a cyberattack, resulting in the temporary unavailability of the official websites of the President’s office, Foreign Ministry, and Tourism Ministry. Users attempting to access these sites encountered disruptions for several hours on Saturday night.https://thecyberexpress.com/cyberattack-on-maldives-government/1/8/2024Denial of ServiceInsufficient Anti-AutomationDowntimeGovernment
21
2024-014WHID 2024-014: Bangladesh official alleges cyberattack ‘from Ukraine and Germany’ targeted electionAn official at the Bangladesh Election Commission has claimed that a cyberattack “from Ukraine and Germany” caused an election information app to crash as voters went to the polls on Sunday.https://therecord.media/bangladesh-election-information-app-alleged-cyberattack1/8/2024Denial of ServiceInsufficient Anti-AutomationDowntimeGovernment
22
2024-013WHID 2024-013: Hacked X accounts with gold checkmarks are for sale on the dark web, says studyThe most common targets of the sellers of gold X accounts are organizational accounts that have remained dormant since before 2022. One of the techniques they try is to brute force the credentials of these accounts using credential stuffing tools like Open Bullet, SilverBullet, and SentryMBA. Once a complete account takeover is done through changing recovery email and contact details, the thieves pay to convert the account to gold status, and put it up for sale.
https://www.csoonline.com/article/1287695/hacked-x-accounts-with-gold-checkmarks-are-for-sale-on-the-dark-web-says-study.html1/5/2024Brute ForceInsufficient Anti-AutomationAccount takeoverSocial
23
2024-012WHID 2024-012: Orange Spain taken offline following massive cyberattack caused by "ridiculously weak" passwordOrange Spain has suffered a major outage earlier this week after a threat actor going by the alias “Snow” obtained a “ridiculously weak” password for an account that manages the global routing table and controls the networks that deliver the company’s internet traffic.https://www.techradar.com/pro/security/orange-spain-taken-offline-following-massive-cyberattack-caused-by-ridiculously-weak-password1/5/2024Stolen CredentialsInsufficient AuthenticationDowntimeTechnology
24
2024-011WHID 2024-011: Alleged Phoenix Group DDoS Attack Disrupts US Congress WebsiteThe hacking group Phoenix has claimed responsibility for a Distributed Denial of Service (DDoS) attack on the website of the US Congress. The hacker group posted a message asserting that the congressional website had been disabled, specifically targeting pages related to lobbying and online reporting in the United States.https://thecyberexpress.com/phoenix-hit-us-congress-website-in-ddos-attack/1/5/2024Denial of ServiceInsufficient Anti-AutomationDowntimeGovernmentPheonix
25
2024-010WHID 2024-010: 23andMe tells victims it’s their fault that their data was breachedThe data breach started with hackers accessing only around 14,000 user accounts. The hackers broke into this first set of victims by brute-forcing accounts with passwords that were known to be associated with the targeted customers, a technique known as credential stuffing.https://techcrunch.com/2024/01/03/23andme-tells-victims-its-their-fault-that-their-data-was-breached/1/3/2024Brute ForceInsufficient Anti-AutomationAccount takeoverHealth
26
2024-009WHID 2024-009: DoorDash hacker took hundreds of dollars from her accountA few days later, DoorDash said it confirmed Rivas' account had been taken over by a hacker and that it believed the vulnerability may have caused by her personal email account.https://www.nbcsandiego.com/nbc-7-responds-2/doordash-hacker-took-hundred-from-her-account-says-oceanside-mom/3394218/1/3/2024UnknownInsufficient AuthenticationAccount takeoverTechnology
27
2024-008WHID 2024-008: Mandiant, the security firm Google bought for $5.4 billion, gets its X account hackedGoogle-owned security firm Mandiant spent several hours trying to regain control of its account on X (formerly known as Twitter) on Wednesday after an unknown scammer hijacked it and used it to spread a link that attempted to steal cryptocurrency from people who clicked on it.https://arstechnica.com/security/2024/01/hacked-x-account-for-google-owned-security-firm-mandiant-pushes-cryptocurrency-scam/1/3/2024UnknownUnknownAccount takeoverSocial
28
2024-007WHID 2024-007: Hacker Threatens Colima State Congress with Database LeakA threat actor has come forward claiming to have leaked a database and executed SQL injection for the H. Congress of the State of Colima in Mexicohttps://thecyberexpress.com/h-congress-of-the-state-of-colima-data-breach/1/4/2024SQL InjectionImproper Input HandlingData breachGovernment
29
2024-006WHID 2024-006: This dangerous malware is able to hijack your Google Account by reviving cookiesA serious exploit affecting Google services that is being used to grant threat actors access to Google Accounts has been uncovered by cybersecurity company CloudSEK.https://www.techradar.com/pro/security/this-dangerous-malware-is-able-to-hijack-your-google-account-by-reviving-cookies1/1/2024Cookie StealingInsufficient AuthenticationAccount takeoverTechnology
30
2024-005WHID 2024-005: MULTIPLE ORGANIZATIONS IN IRAN WERE BREACHED BY A MYSTERIOUS HACKERHudson Researchers reported that on December 20th, a hacker using the moniker ‘irleaks’ announced the availability for sale of over 160,000,000 records allegedly stolen from 23 leading insurance companies in Iran.https://securityaffairs.com/156761/hacking/multiple-organizations-iran-hacked.html1/1/2024UnknownUnknownData breachTechnology
31
2024-004WHID 2024-004: Cyber attack on Victoria's court system may have exposed recordings of sensitive casesVictoria's court system has been hit by a ransomware attack, which an independent expert believes was orchestrated by Russian hackers.

A spokesperson for Court Services Victoria (CSV) said hackers accessed an area of the court system's audio-visual archive. That would mean recordings of hearings including witness testimony from highly sensitive cases may have been accessed or stolen.
https://www.abc.net.au/news/2024-01-02/victoria-court-system-targeted-in-cyber-attack-russian-hackers/1032721181/1/2024UnknownUnknownData breachGovernment
32
2024-003WHID 2024-003: Government’s main server faces cyberattacksNepal government’s main server has faced cyberattacks leading to disruptions of hundreds of government websites across the country on Monday.https://kathmandupost.com/national/2024/01/01/government-s-main-server-faces-cyberattacks1/1/2024Denial of ServiceInsufficient Anti-AutomationDowntimeGovernment
33
2024-002WHID 2024-002: Anonymous Sudan Allegedly Attacks Twitch, But Is It Real?Users of the live streaming app might encounter service disruptions, rendering it inaccessible for watching live streams.
https://thecyberexpress.com/cyberattack-on-twitch/1/1/2024Denial of ServiceInsufficient Anti-AutomationDowntimeTechnologyAnonymous Sudan
34
2024-001WHID 2024-001: Alleged DDoS Rampage: NoName Targets Multiple Finnish OrganizationsThe notorious NoName ransomware group, believed to have Russian connections, has reportedly launched a series of cyberattacks targeting several Finnish government organizations in its latest spree. As a consequence of these alleged NoName cyberattacks on Finland-based entities, the websites of multiple victims experienced temporary inaccessibility.https://thecyberexpress.com/noname-cyberattacks-on-finland/1/1/2024Denial of ServiceInsufficient Anti-AutomationDowntimeGovernmentNoName
35
2023-015WHID 2023-015: Hours-long disruption to Singapore public hospitals' websites caused by DDoS attack
An hours-long disruption that affected the websites of Singapore's public healthcare institutions on Wednesday (Nov 1) was caused by a distributed denial-of-service (DDoS) attack. https://www.channelnewsasia.com/singapore/hospital-websites-hours-long-disruption-synapxe-ddos-attacks-3894866 11/1/2023Denial of ServiceInsuffucient Anti-AutomationDowntimeMedical
36
2023-014WHID 2023-014: Okta breach: 134 customers exposed in October support system hackOkta says attackers who breached its customer support system last month gained access to files belonging to 134 customers, five of them later being targeted in session hijacking attacks with the help of stolen session tokens.https://www.bleepingcomputer.com/news/security/okta-breach-134-customers-exposed-in-october-support-system-hack/ 9/28/2023UnknownUnknownData breachTechnologyFiles on 134 customers
37
2023-013WHID 2023-013: Suspected DDoS attack impacts AP news siteThe Associated Press reports that its news website was impacted by an outage believed to be caused by a distributed denial-of-service attack.https://www.scmagazine.com/brief/suspected-ddos-attack-impacts-ap-news-site10/31/2023Denial of ServiceInsufficient Anti-AutomationDowntimeMediaAnonymous Sudan
38
2023-012WHID 2023-012: RANSOMWARERansomware Gang Takes Credit for Disruptive MGM Resorts CyberattackA known ransomware gang has taken credit for the highly disruptive cyberattack on MGM Resorts, and the hospitality and entertainment giant has yet to restore many of the impacted systems.https://www.securityweek.com/ransomware-gang-takes-credit-for-highly-disruptive-mgm-resorts-attack/ 9/10/2023Social EngineeringInsufficient employee trainingDowntimeHospitalityALPHV (aka BlackCat)
39
2023-011WHID 2023-011: Tesla owner warning others after being locked out of car, account hackedFalzon says Haider, and other Tesla owners, should set up multi-factor authentication which could have prevented the hack. It requires users to go through additional steps to access their accounts.

“This is really a cybersecurity issue related to authentication. Not so much specific to the vehicle itself,” Falzon said, noting as more vehicles move to app-based access, this won’t be a problem for just Tesla owners.
https://toronto.citynews.ca/2023/08/23/tesla-owner-car-account-hacked/8/23/2023UnknownInsufficient AuthenticationAccount takeoverAutomotive
40
2023-010WHID 2023-010: South African News Website Says it Faced Cyber Attack After Publishing Report on Modi“Since publishing, Daily Maverick has been subjected to a distributed denial of service (DDoS) attack,” the publication said on X (formerly Twitter).

” A DDoS attack is described as a malicious attempt to disrupt the normal traffic of a targeted server, network or website by overwhelming the target or its surrounding infrastructure with a flood of internet traffic,” it explained.

“Several hours ago, the site suddenly went down. We picked it up very quickly and started identifying a massive distributed denial of service (DDoS) attack. We investigated and found it was coming from a whole host of Indian servers,” said Daily Maverick’s security coordinator at 11:30 pm IST on Wednesday.
https://thewire.in/media/south-african-news-website-says-it-faced-cyber-attack-after-publishing-report-on-modi8/23/2023Denial of ServiceInsufficient Anti-AutomationDowntimeMedia
41
2023-009WHID 2023-009: Scammers steal $500m from tax officeFraudsters have used hacked credentials to claim more than half a billion dollars from the tax office, by creating false myGov accounts and linking them to the files of genuine taxpayers.https://www.thesaturdaypaper.com.au/post/max-opray/2023/07/26/scammers-steal-500m-tax-office7/26/2023Stolen CredentialsInsufficient AuthenticationMonetary LossGovernment
42
2023-008WHID 2023-008:Outlook.com hit by outages as hacktivists claim DDoS attacksOutlook.com hit by outages as hacktivists claim DDoS attackshttps://www.bleepingcomputer.com/news/microsoft/outlookcom-hit-by-outages-as-hacktivists-claim-ddos-attacks/ 6/5/2023Denial of ServiceInsufficient Anti-AutomationDowntimeTechnologyAnonymous Sudan
43
2023-007WHID 2023-007: Terra.money Freezes Website Amid Phishing Scam ConcernsIn a bid to safeguard its users from ongoing phishing attacks, Terra.money has taken the proactive step of freezing its website temporarily. The attackers managed to compromise the Terra website and exploited it for phishing scams, endangering the platform’s users. In response, Terra swiftly froze its domains associated with the platform, halting the proliferation of user-targeted phishing scams. https://coinwire.com/terramoney-freezes-website-amid-phishing-scam-concern/8/19/2023UnknownUnknownPhishingFinance
44
2023-006WHID 2023-006: Clorox takes servers offline, notifies law enforcement after ‘unauthorized activity’Cleaning product giant Clorox announced a cybersecurity incident this week that forced it to take several systems offline.

The company – which reported more than $7 billion in earnings in 2022 through its namesake cleaning product and several others like Pine Sol, Burt’s Bees and more – reported the incident in regulatory filings with the U.S. Securities and Exchange Commission (SEC) Monday.
https://therecord.media/clorox-takes-servers-offline-after-cyber-incident8/15/2023UnknownUnknownDowntimeRetail
45
2023-005WHID 2023-005: Canada vows more military aid for Ukraine as PM's website hackedThe prime minister's official website on Tuesday morning showed a "service is unavailable" error when checked by Reuters. Trudeau said the cyber attacks were an "unsurprising" act by Russian hackers.

"We are aware of reports that some Government of Canada websites have been offline," a spokesperson for Canada's Communications Security Establishment (CSE) said in a statement, and echoed Trudeau's comment that it not an uncommon occurrence in countries hosting visits by Ukrainian government officials.
https://www.reuters.com/world/canada-pledges-fresh-military-aid-ukraine-sanctions-russia-2023-04-11/4/11/2023UnknownUnknownDowntimeGovernment
46
2023-004WHID 2023-004: Hackers target over 1,000 Indian websites as part of malicious Independence Day campaignCybersecurity researchers disclosed on Friday that a group of hackers had aimed their sights at more than 1,000 Indian websites as part of a campaign aligned with Independence Day, tagged as OpIndia. The orchestrated effort involved hacktivist collectives from diverse nations and employed a variety of techniques, including Distributed Denial of Service (DDoS) attacks, defacement assaults, and takeovers of user accounts, as detailed by the CloudSEK team.https://www.businesstoday.in/technology/news/story/hackers-target-over-1000-indian-websites-as-part-of-malicious-independence-day-campaign-394740-2023-08-198/18/2023UnknownUnknownAccount takeoverFinanceOpIndia
47
2023-003WHID 2023-003: Hackers target over 1,000 Indian websites as part of malicious Independence Day campaignCybersecurity researchers disclosed on Friday that a group of hackers had aimed their sights at more than 1,000 Indian websites as part of a campaign aligned with Independence Day, tagged as OpIndia. The orchestrated effort involved hacktivist collectives from diverse nations and employed a variety of techniques, including Distributed Denial of Service (DDoS) attacks, defacement assaults, and takeovers of user accounts, as detailed by the CloudSEK team.https://www.businesstoday.in/technology/news/story/hackers-target-over-1000-indian-websites-as-part-of-malicious-independence-day-campaign-394740-2023-08-198/18/2023UnknownUnknownDefacementEducationOpIndia
48
2023-002WHID 2023-002: Hackers target over 1,000 Indian websites as part of malicious Independence Day campaignCybersecurity researchers disclosed on Friday that a group of hackers had aimed their sights at more than 1,000 Indian websites as part of a campaign aligned with Independence Day, tagged as OpIndia. The orchestrated effort involved hacktivist collectives from diverse nations and employed a variety of techniques, including Distributed Denial of Service (DDoS) attacks, defacement assaults, and takeovers of user accounts, as detailed by the CloudSEK team.https://www.businesstoday.in/technology/news/story/hackers-target-over-1000-indian-websites-as-part-of-malicious-independence-day-campaign-394740-2023-08-198/18/2023Denial of ServiceInsufficient Anti-AutomationDowntimeGovernmentOpIndia
49
2023-001WHID 2023-001: Has Trump’s Patriot Defense Legal Fund Website Been Hacked?The Patriot Legal Defense Fund website, seemingly established to support aides and employees of former President Donald Trump with their rapidly increasing legal expenses, has been hacked. The home page has been defaced to strike through Trump’s name and add an “America Is Already Great!” strapline. But the hacker has altered far more than just the banner.https://www.forbes.com/sites/daveywinder/2023/08/20/has-trumps-patriot-defense-legal-fund-website-been-hacked/?sh=1702ea0023328/18/2023UnknownUnknownDefacementPolitics
50
2019-003WHID 2019-003: Official Fortnite Twitter account has been hackedWell, it appears that the hate for Epic Games’ recent decisions has led to some individual taking inappropriate measures against the official Fortnite Twitter account.https://fortniteintel.com/official-fortnite-twitter-account-has-been-hacked/15266/4/3/2019UnknownUnknownAccount TakeoverSocial
51
2019-002WHID 2019-002: Ticketmaster Breach Part of Massive Payment Card Hacking CampaignThreat actor Magecart has infiltrated over 800 e-commerce sites with card skimming software installed on third-party software components, RiskIQ says.https://www.darkreading.com/attacks-breaches/ticketmaster-breach-part-of-massive-payment-card-hacking-campaign/d/d-id/13322667/10/2018UnknownUnknownPlanting of MalwareMagecart
52
2019-001WHID 2019-001: MyPillow and Amerisleep wake up to Magecart card theft nightmareMyPillow and Amerisleep are both popular mattresses and bedding merchants in the United States. While their websites boast the best deals around for a proper night's sleep, what is lacking is an acknowledgment of two separate security incidents potentially impacting their customers -- incidents which RiskIQ says took place as far back as 2017.https://www.zdnet.com/article/mypillow-and-amerisleep-wake-up-to-magecart-card-theft-nightmare/3/21/2019UnknownUnknownPlanting of MalwareRetailMagecart
53
2016-014WHID 2016-014:Reddit doesn’t support 2FA – a hacker just proved why it shouldA hacker who’s spent the last two weeks hijacking Reddit moderator accounts and defacing their subreddit pages appears to be doing it partly to make a point about Reddit’s security, and also just because he can.https://nakedsecurity.sophos.com/2016/05/12/reddit-doesnt-support-2fa-a-hacker-just-proved-why-it-should/5/12/2016Brute ForceInsufficient AuthenticationAccount TakeoverSocial
54
2016-013WHID 2016-013: Hacker convicted for infiltrating Country Liberals' websiteThe then-18-year old used a SQL database command attack, known as SQL injection, to unlawfully access the online membership application section of the site.http://www.itnews.com.au/news/hacker-charged-for-infiltrating-country-liberals-website-4195165/13/2016SQL InjectionImproper Input HandlingLeakage of InformationPolitics
55
2016-012WHID 2016-012: Traceable data 'stolen from fetish forum'A hardcore fetish web forum has been hacked, with more than 100,000 accounts exposed, according to a prominent security researcher.http://www.bbc.com/news/technology-362755475/12/2016SQL InjectionImproper Input HandlingLeakage of InformationEntertainment
56
2016-011WHID 2016-011: Customer data hacked from Kiddicare 'test' websiteKiddicare, the nursery supplies retailer acquired and discarded by supermarket Morrisons, has admitted that almost 800,000 customers' details were stolen in a data breach dating back to November 2015. http://www.computing.co.uk/ctg/news/2457541/customer-data-hacked-from-kiddicare-test-website5/10/2016UnknownUnknownLeakage of InformationRetail
57
2016-010WHID 2016-010: Hackers halt Utkal varsity’s e-admissionsThe official website of Odisha’s oldest university, Utkal University, was Tuesday hacked for the second time in a week forcing officials to shut down the e-admission process. Although it wasn’t clear if the hackers stole any information, the website was defaced and the page showed a group called ‘Pak Cyber Attackers’ to be responsible for the attack. - See more at: http://indianexpress.com/article/india/india-news-india/hackers-halt-utkal-varsitys-e-admissions-2794346/#sthash.UYkwpg8k.dpufhttp://indianexpress.com/article/india/india-news-india/hackers-halt-utkal-varsitys-e-admissions-2794346/5/11/2016UnknownUnknownDefacementEducation
58
2016-009WHID 2016-009: Domo Arigato: White hat reports vulnerability on Mr. Robot websiteIt couldn't have been scripted any better. The new promotional website for season two of the USA Network's computer hacking drama Mr. Robotrequired an emergency patch after a white-hat hacker discovered a cross-site scripting (XSS) vulnerability, according to a report from Forbes.com.http://www.scmagazine.com/domo-arigato-white-hat-reports-vulnerability-on-mr-robot-website/article/495684/5/11/2016Cross-site Scripting (XSS)Improper Output HandlingAccount TakeoverEntertainment
59
2016-008WHID 2016-008: Homeland Security warns of hackers exploiting SAP security flawHomeland Security has warned that hackers are exploiting a security vulnerability in SAP business software -- a flaw that dates back to 2010.http://www.zdnet.com/article/homeland-security-warns-of-hackers-exploiting-sap-security-flaw/5/12/2016Forceful BrowsingInsufficient AuthenticationAccount Takeover
60
2016-007WHID 2016-007: Anonymous teams up with GhostSquad to attack major banksAnonymous has joined forces with GhostSquad to launch successful cyberattacks on eight international banks that were forced to shut down their websites. The hacktivist collective alongside the hacker group GhostSquad have launched a new operation called Op Icarus which aims to punish corrupt banks and individuals in the financial sector.http://betanews.com/2016/05/12/anonymous-op-icarus/5/12/2016Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
61
2016-006WHID 2016-006: Kaziranga website hacked by Pak youthKaziranga National Park authorities on Monday said the official website of the park had been hacked by a Pakistan-based hacker.http://www.nagalandpost.com/ChannelNews/Regional/RegionalNews.aspx?news=TkVXUzEwMDA5NzAxNg%3D%3D5/12/2016UnknownUnknownDefacementGovernment
62
2016-005WHID 2016-005: IRCTC Website Hacked- Over 10 Million Accounts HackedIRCTC, Indian railway’s official website has been hacked today. All the transaction and ticket booking are usually done through this portal. The hack has been confirmed by the government and news portals.http://www.groundreport.com/irctc-website-hacked-10-million-accounts-hacked/5/12/2016UnknownUnknownLeakage of InformationTransportation
63
2016-004WHID 2016-004: Donald Trump Campaign Website Down For An Hour, Hackers Claim ResponsibilityAfter the campaign website for Republican presidential hopeful Donald Trump went down Saturday morning, an online hacker collective – which has said it focuses on targeting online activity of the Islamic State group, also known as ISIS – claimed responsibility, CBS News reportedhttp://www.ibtimes.com/donald-trump-campaign-website-down-hour-hackers-claim-responsibility-22469341/2/2016Denial of ServiceInsufficient Anti-AutomationDowntimePolitics
64
2016-003WHID 2016-003: Linode Is Under a Barrage of DDoS Attacks Since ChristmasVPS cloud hosting provider Linode has been experiencing outages due to distributed denial-of-service (DDoS) attacks for the past few days, with the first attacks starting on Christmas Eve.http://news.softpedia.com/news/linode-is-under-a-barrage-of-ddos-attacks-since-christmas-498329.shtml1/2/2016Denial of ServiceInsufficient Anti-AutomationDowntimeHosting Providers
65
2016-002WHID 2016-002: Palembang District Court Website Hacked as a Show of ProtestThe official website of Palembang District Court (http://pn-palembang.go.id) was reportedly hacked as a show of protest by the hacker against the ruling made the court that rejected the lawsuit filed by the government against PT Bumi Mekar Hijau, which was allegedly involved in the case of forest fire in South Sumatera province.http://en.tempo.co/read/news/2016/01/02/055732482/Palembang-District-Court-Website-Hacked-as-a-Show-of-Protest1/2/2016UnknownInsufficient Outbound HandlingDefacementGovernment
66
2016-001WHID 2016-001: Religiously Motivated Hacker Defaces 79 Escort SitesA Moroccan hacker that calls himself ElSurveillance has defaced and stolen data from 79 escort websites, as part of a larger campaign he started last summer, a campaign against adult and escort portals.http://news.softpedia.com/news/religiously-motivated-hacker-defaces-79-escort-sites-498311.shtml1/1/2016UnknownInsufficient Outbound HandlingDefacementEntertainment
67
2015-063WHID 2015-063: Hong Kong Free Press hit by denial-of-service attack weeks before launchHong Kong Free Press, an independent news website set up to counter falling press freedom in the territory, has been hit by a denial-of-service attack before the platform has launchedhttp://www.mumbrella.asia/2015/06/hong-kong-free-press-hit-by-denial-of-service-attack-before-launch/6/3/2015Denial of ServiceInsufficient Anti-AutomationDowntimeMedia
68
2015-062WHID 2015-062: Businessman Loses $240,000 to HackersA targeted attack on a businessman from Mahwah, New Jersey, caused the victim a financial loss of $240,000 / €215,000, through a bank transfer request that appeared legitimate to the financial institution.http://news.softpedia.com/news/Businessman-Loses-240-000-to-Hackers-483098.shtml6/2/2015Banking TrojanInsufficient AuthenticationMonetary LossFinance
69
2015-061WHID 2015-061: Local websites hacked after a brute force attackWeb Design 309, a local web design firm, says the hackers used a brute force attack to break into a local server, using millions of password combinations at the same time until one of them worked.http://www.cinewsnow.com/news/local/Local-websites-hacked-after-a-brute-force-attack-305933091.html6/2/2015Brute ForceInsufficient Anti-AutomationAccount TakeoverTechnology
70
2015-060WHID 2015-060: Hackers attack Huffington Post, other sites, with malware-laced adsThe Huffington Post and several major websites displayed malware-laced advertisements that infected computers and locked them down.http://www.reviewjournal.com/life/technology/hackers-attack-huffington-post-other-sites-malware-laced-ads1/8/2015UnknownUnknownMalvertisingMedia
71
2015-059WHID 2015-059: 'Self-XSS' flaw in found Microsoft Dynamics CRMA flaw discovered in Microsoft's Dynamics CRM could allow remote hackers to trick a logged-in user into inserting malicious code within input fields on vulnerable websites.http://www.zdnet.com/article/self-xss-flaw-in-microsoft-dynamics-crm-discovered/1/8/2015Cross-site Scripting (XSS)Improper Output HandlingAccount TakeoverTechnology
72
2015-058WHID 2015-058: Stealthy 'XOR.DDoS' trojan infects Linux systems, installs rootkitA newly discovered trojan is infecting Linux systems and possibly building up an arsenal of devices to be used in distributed denial-of-service (DDoS) attackshttp://www.scmagazine.com/malware-targets-linux-and-arm-architecture/article/391497/1/7/2015Brute ForceInsufficient Anti-AutomationBotnet RecruitmentMultiple
73
2015-057WHID 2015-057: Hackers with ties to Islamic State group take over Buena Park nonprofit's websiteGiving Children Hope, a nonprofit that delivers aid to children and families in need around the world, had its website hacked by a group identifying itself as Team System Dz, an Islamic State sympathizer.http://www.ocregister.com/articles/children-647453-hope-isis.html1/8/2015UnknownUnknownDefacementNon-Profit
74
2015-056WHID 2015-056: Bulgarian Energy Regulator’s Website HackedInitially the cyberattack had only affected the homepage of www.dker.bg, with access to the site being restricted completely at around 9.30 AM CET on Thursdayhttp://www.publics.bg/en/news/11993/Bulgarian_Energy_Regulator%E2%80%99s_Website_Hacked.html1/8/2015UnknownUnknownDefacementGovernment
75
2015-055WHID 2015-055: Merkel website hacked ahead of visit by Ukrainian premier A German official says Chancellor Angela Merkel's website and several other German government sites have been blocked, and a pro-Russian organization has claimed responsibility.http://www.utsandiego.com/news/2015/jan/07/merkel-website-hacked-ahead-of-visit-by-ukrainian/1/7/2015Denial of ServiceInsufficient Anti-AutomationDowntimeGovernment
76
2015-054WHID 2015-054: Md. station's Twitter, website hacked by ISIS supportersThe Twitter account for WBOC, a Salisbury-based television station, was hijacked Tuesday by a hacker claiming to be sympathetic to the Islamic State terrorist group.http://www.11alive.com/story/news/nation-now/2015/01/07/tv-station-site-hacked/21375453/1/7/2015UnknownUnknownDefacementMedia
77
2015-053WHID 2015-053: Primary school website hacked by Islamic extremistsThe homepage of Sowerby Community Primary School in Yorkshire was taken over by messages of hate against America and Israelhttp://www.mirror.co.uk/news/uk-news/primary-school-website-hacked-islamic-49286281/6/2015UnknownUnknownDefacementEducation
78
2015-052WHID 2015-052: iCloud hole closed following brute force attackA hole in iCloud's security allowed attackers to access any iCloud account via a brute force attack that side-stepped blocks - but it is now reported to have been patched.http://www.scmagazineuk.com/icloud-hole-closed-following-brute-force-attack/article/390822/1/5/2015Brute ForceInsufficient Anti-AutomationLeakage of InformationTechnology
79
2015-051WHID 2015-051: Weasel Zippers attacked, taken down for 12 hoursDDoS attack for 12 hours.http://www.americanthinker.com/blog/2015/01/weasel_zippers_attacked_taken_down_for_12_hours.html1/6/2015Denial of ServiceInsufficient Anti-AutomationDowntimePolitics
80
2015-050WHID 2015-050: University Of Cape CoastOfficial Website HackedThe official website of the University Of Cape Coast has been taken downhttp://pulse.com.gh/news/university-of-cape-coast-official-website-hacked-id3386384.html1/6/2015UnknownUnknownDefacementEducation
81
2015-049WHID 2015-049: Bitstamp exchange hacked, $5M worth of bitcoin stolenThe European bitcoin exchange suspends its service after it was hacked, ZDNet can confirm. Less than 19,000 bitcoins were stolen from an operational wallet.http://www.zdnet.com/article/bitstamp-bitcoin-exchange-suspended-amid-hack-concerns-heres-what-we-know/1/5/2015UnknownUnknownMonetary LossFinance
82
2015-048WHID 2015-048: OP hit by another denial of service attackThe second attack was detected on Sunday afternoon, only a couple of hours after the first attack had ended, according to an announcement posted by the financial services provider on its Facebook page.http://www.helsinkitimes.fi/finland/finland-news/domestic/13104-op-hit-by-another-denial-of-service-attack.html1/5/2015Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
83
2015-047WHID 2015-047: Finnish bank takes cricket bat to wave after wave of DDoS varmintsFinnish bank OP is continuing to fight off a cascading series of distributed denial of service (DDoS) attacks that began on New Year's Eve.http://www.theregister.co.uk/2015/01/05/finnish_bank_ddos/1/5/2015Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
84
2015-046WHID 2015-046: PhonCert HackedDB Dumphttp://siph0n.net/exploits.php?id=36761/31/2015SQL InjectionImproper Input HandlingLeakage of InformationEntertainment
85
2015-045WHID 2015-045: Women's Resource Centre website hacked by people claiming to support IsisAfter the hacking last week, the umbrella body has been unable to restore its website to working order, and does not know why it has been targetedhttp://www.thirdsector.co.uk/womens-resource-centre-website-hacked-people-claiming-support-isis/communications/article/13316841/30/2015UnknownUnknownDefacementPolitics
86
2015-044WHID 2015-044: Website of Bulgaria's Energy Watchdog HackedHackers have taken down the website of DKEVR, the Bulgarian energy regulator. - See more at: http://www.novinite.com/articles/165828/Website+of+Bulgaria%27s+Energy+Watchdog+Hacked#sthash.zKOcddf7.dpufhttp://www.novinite.com/articles/165828/Website+of+Bulgaria%27s+Energy+Watchdog+Hacked1/8/2015UnknownUnknownDefacementGovernment
87
2015-043WHID 2015-042: Higher Education Commission Pakistan HackedDB Dumphttp://siph0n.net/exploits.php?id=36701/29/2015SQL InjectionImproper Input HandlingLeakage of InformationEducation
88
2015-042WHID 2015-042: Rex Mundi dumps more data after another entity doesn’t pay extortion demandsLast week, we hacked the servers of Temporis, allegedly France’s largest network of franchised temp work agencies (www.temporis-franchise.fr). http://www.databreaches.net/rex-mundi-dumps-more-data-after-another-entity-doesnt-pay-extortion-demands/1/27/2015SQL InjectionImproper Input HandlingLeakage of InformationRecruiting
89
2015-041WHID 2015-041: Victor Valley College hit by computer security breachThe entire Victor Valley College Information Technology Department has been placed on paid administrative leave while campus police and an outside company investigate a breach in security protocol, President Roger Wagner said Thursday.http://www.databreaches.net/ca-victor-valley-college-hit-by-computer-security-breach-entire-it-dept-put-on-leave/1/31/2015SQL InjectionImproper Input HandlingLeakage of InformationEducation
90
2015-040WHID 2015-040: oklahomacounty.org hackedDB Dump on PasteBinhttp://pastebin.com/0ekAGZWs1/25/2015SQL InjectionImproper Input HandlingLeakage of InformationGovernment
91
2015-039WHID 2015-039: ValidDumps.RU Full User Database DumpDB Dumphttp://siph0n.net/exploits.php?id=36681/22/2015SQL InjectionImproper Input HandlingLeakage of InformationHacker Site
92
2015-038WHID 2015-038: FreshFiction DB DumpedDB Dump on PasteBinhttp://pastebin.com/ZGfRR7mL1/24/2015SQL InjectionImproper Input HandlingLeakage of InformationMedia
93
2015-037WHID 2015-037: Bitcoin news website Coinfire and its Twitter account hacked“Well, looks like the XPY supporters got what they wanted. They logged in to our domain registrar account and had our domain taken away from us,” he added.http://www.hackread.com/bitcoin-news-website-coinfire-website-twitter-hacked/1/26/2015DNS HijackingInsufficient Process ValidationDefacementMedia
94
2015-036WHID 2015-036: Government of Nepal /Nepal Department of Transportation HackedDB Dumphttp://siph0n.net/exploits.php?id=36651/19/2015SQL InjectionImproper Input HandlingLeakage of InformationGovernment
95
2015-035WHID 2015-035: U. Chicago hackedIt appears we should add the University of Chicago to schools hacked by Carbonic. And yes, chalk it up to another SQLi vulnerability.http://www.databreaches.net/u-chicago-hacked-by-teamcarbonic-claim/1/24/2015SQL InjectionImproper Input HandlingLeakage of InformationEducation
96
2015-034WHID 2015-034: Ghana government websites targeted by hackersThe majority of the Ghanaian government's websites, including its main site, have been hacked and are currently offline.http://www.bbc.com/news/world-africa-309140001/21/2015UnknownUnknownDefacementGovernment
97
2015-033WHID 2015-033: Le Monde hacked: 'Je ne suis pas Charlie' writes Syrian Electronic ArmyHackers from the Syrian Electronic Army, which supports Syrian President Bashar al-Assad, broke into the Twitter account of Le Monde overnight, the newspaper confirmed on Wednesday.http://www.telegraph.co.uk/news/worldnews/europe/france/11359732/Le-Monde-hacked-Je-ne-suis-pas-Charlie-writes-Syrian-Electronic-Army.html1/21/2015UnknownUnknownAccount TakeoverSocial
98
2015-032WHID 2015-032: Alleged Islamic hackers target NZ websitesAt least two New Zealand websites have been hacked and defaced by a group calling themselves the 'Team Muslim Cyberforce'.http://www.stuff.co.nz/technology/digital-living/65198165/islamic-hackers-target-nz-websites1/19/2015UnknownUnknownDefacementNon-Profit
99
2015-031WHID 2015-031: Aussie Travel Cover hack exposes details of 770,000 customersA major data breach has hit one of Australia's leading travel insurers, exposing details of three quarters of a million policy holders. But while the hack occurred last year, customers have remained in the dark.http://www.cnet.com/au/news/aussie-travel-cover-hack-exposes-customer-details/1/20/2015SQL InjectionImproper Input HandlingLeakage of InformationTravel
100
2015-030WHID 2015-030: philsacra.ust.edu.ph website hacked DB dumphttp://siph0n.net/exploits.php?id=36541/17/2015SQL InjectionImproper Input HandlingLeakage of InformationEducation