Web Hacking Incident Database (WHID) - Current
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
Still loading...
WHID IDEntry TitleIncident DescriptionReferenceDate OccurredAttack MethodApplication WeaknessOutcomeAttacked Entity FieldAttacked Entity GeographyMass AttackMass Attack NameNumber of Sites AffectedAttack Source GeographyAttacked System TechnologyCostItems LeakedNumber of RecordsAdditional Link
2016-004WHID 2016-004: Donald Trump Campaign Website Down For An Hour, Hackers Claim ResponsibilityAfter the campaign website for Republican presidential hopeful Donald Trump went down Saturday morning, an online hacker collective – which has said it focuses on targeting online activity of the Islamic State group, also known as ISIS – claimed responsibility, CBS News reportedhttp://www.ibtimes.com/donald-trump-campaign-website-down-hour-hackers-claim-responsibility-22469341/2/2016Denial of ServiceInsufficient Anti-AutomationDowntimePolitics
2016-003WHID 2016-003: Linode Is Under a Barrage of DDoS Attacks Since ChristmasVPS cloud hosting provider Linode has been experiencing outages due to distributed denial-of-service (DDoS) attacks for the past few days, with the first attacks starting on Christmas Eve.http://news.softpedia.com/news/linode-is-under-a-barrage-of-ddos-attacks-since-christmas-498329.shtml1/2/2016Denial of ServiceInsufficient Anti-AutomationDowntimeHosting Providers
2016-002WHID 2016-002: Palembang District Court Website Hacked as a Show of ProtestThe official website of Palembang District Court (http://pn-palembang.go.id) was reportedly hacked as a show of protest by the hacker against the ruling made the court that rejected the lawsuit filed by the government against PT Bumi Mekar Hijau, which was allegedly involved in the case of forest fire in South Sumatera province.http://en.tempo.co/read/news/2016/01/02/055732482/Palembang-District-Court-Website-Hacked-as-a-Show-of-Protest1/2/2016UnknownInsufficient Outbound HandlingDefacementGovernment
2016-001WHID 2016-001: Religiously Motivated Hacker Defaces 79 Escort SitesA Moroccan hacker that calls himself ElSurveillance has defaced and stolen data from 79 escort websites, as part of a larger campaign he started last summer, a campaign against adult and escort portals.http://news.softpedia.com/news/religiously-motivated-hacker-defaces-79-escort-sites-498311.shtml1/1/2016UnknownInsufficient Outbound HandlingDefacementEntertainment
2015-063WHID 2015-063: Hong Kong Free Press hit by denial-of-service attack weeks before launchHong Kong Free Press, an independent news website set up to counter falling press freedom in the territory, has been hit by a denial-of-service attack before the platform has launchedhttp://www.mumbrella.asia/2015/06/hong-kong-free-press-hit-by-denial-of-service-attack-before-launch/6/3/2015Denial of ServiceInsufficient Anti-AutomationDowntimeMedia
2015-062WHID 2015-062: Businessman Loses $240,000 to HackersA targeted attack on a businessman from Mahwah, New Jersey, caused the victim a financial loss of $240,000 / €215,000, through a bank transfer request that appeared legitimate to the financial institution.http://news.softpedia.com/news/Businessman-Loses-240-000-to-Hackers-483098.shtml6/2/2015Banking TrojanInsufficient AuthenticationMonetary LossFinance
2015-061WHID 2015-061: Local websites hacked after a brute force attackWeb Design 309, a local web design firm, says the hackers used a brute force attack to break into a local server, using millions of password combinations at the same time until one of them worked.http://www.cinewsnow.com/news/local/Local-websites-hacked-after-a-brute-force-attack-305933091.html6/2/2015Brute ForceInsufficient Anti-AutomationAccount TakeoverTechnology
2015-060WHID 2015-060: Hackers attack Huffington Post, other sites, with malware-laced adsThe Huffington Post and several major websites displayed malware-laced advertisements that infected computers and locked them down.http://www.reviewjournal.com/life/technology/hackers-attack-huffington-post-other-sites-malware-laced-ads1/8/2015UnknownUnknownMalvertisingMedia
2015-059WHID 2015-059: 'Self-XSS' flaw in found Microsoft Dynamics CRMA flaw discovered in Microsoft's Dynamics CRM could allow remote hackers to trick a logged-in user into inserting malicious code within input fields on vulnerable websites.http://www.zdnet.com/article/self-xss-flaw-in-microsoft-dynamics-crm-discovered/1/8/2015Cross-site Scripting (XSS)Improper Output HandlingAccount TakeoverTechnology
2015-058WHID 2015-058: Stealthy 'XOR.DDoS' trojan infects Linux systems, installs rootkitA newly discovered trojan is infecting Linux systems and possibly building up an arsenal of devices to be used in distributed denial-of-service (DDoS) attackshttp://www.scmagazine.com/malware-targets-linux-and-arm-architecture/article/391497/1/7/2015Brute ForceInsufficient Anti-AutomationBotnet RecruitmentMultiple
2015-057WHID 2015-057: Hackers with ties to Islamic State group take over Buena Park nonprofit's websiteGiving Children Hope, a nonprofit that delivers aid to children and families in need around the world, had its website hacked by a group identifying itself as Team System Dz, an Islamic State sympathizer.http://www.ocregister.com/articles/children-647453-hope-isis.html1/8/2015UnknownUnknownDefacementNon-Profit
2015-056WHID 2015-056: Bulgarian Energy Regulator’s Website HackedInitially the cyberattack had only affected the homepage of www.dker.bg, with access to the site being restricted completely at around 9.30 AM CET on Thursdayhttp://www.publics.bg/en/news/11993/Bulgarian_Energy_Regulator%E2%80%99s_Website_Hacked.html1/8/2015UnknownUnknownDefacementGovernment
2015-055WHID 2015-055: Merkel website hacked ahead of visit by Ukrainian premier A German official says Chancellor Angela Merkel's website and several other German government sites have been blocked, and a pro-Russian organization has claimed responsibility.http://www.utsandiego.com/news/2015/jan/07/merkel-website-hacked-ahead-of-visit-by-ukrainian/1/7/2015Denial of ServiceInsufficient Anti-AutomationDowntimeGovernment
2015-054WHID 2015-054: Md. station's Twitter, website hacked by ISIS supportersThe Twitter account for WBOC, a Salisbury-based television station, was hijacked Tuesday by a hacker claiming to be sympathetic to the Islamic State terrorist group.http://www.11alive.com/story/news/nation-now/2015/01/07/tv-station-site-hacked/21375453/1/7/2015UnknownUnknownDefacementMedia
2015-053WHID 2015-053: Primary school website hacked by Islamic extremistsThe homepage of Sowerby Community Primary School in Yorkshire was taken over by messages of hate against America and Israelhttp://www.mirror.co.uk/news/uk-news/primary-school-website-hacked-islamic-49286281/6/2015UnknownUnknownDefacementEducation
2015-052WHID 2015-052: iCloud hole closed following brute force attackA hole in iCloud's security allowed attackers to access any iCloud account via a brute force attack that side-stepped blocks - but it is now reported to have been patched.http://www.scmagazineuk.com/icloud-hole-closed-following-brute-force-attack/article/390822/1/5/2015Brute ForceInsufficient Anti-AutomationLeakage of InformationTechnology
2015-051WHID 2015-051: Weasel Zippers attacked, taken down for 12 hoursDDoS attack for 12 hours.http://www.americanthinker.com/blog/2015/01/weasel_zippers_attacked_taken_down_for_12_hours.html1/6/2015Denial of ServiceInsufficient Anti-AutomationDowntimePolitics
2015-050WHID 2015-050: University Of Cape CoastOfficial Website HackedThe official website of the University Of Cape Coast has been taken downhttp://pulse.com.gh/news/university-of-cape-coast-official-website-hacked-id3386384.html1/6/2015UnknownUnknownDefacementEducation
2015-049WHID 2015-049: Bitstamp exchange hacked, $5M worth of bitcoin stolenThe European bitcoin exchange suspends its service after it was hacked, ZDNet can confirm. Less than 19,000 bitcoins were stolen from an operational wallet.http://www.zdnet.com/article/bitstamp-bitcoin-exchange-suspended-amid-hack-concerns-heres-what-we-know/1/5/2015UnknownUnknownMonetary LossFinance
2015-048WHID 2015-048: OP hit by another denial of service attackThe second attack was detected on Sunday afternoon, only a couple of hours after the first attack had ended, according to an announcement posted by the financial services provider on its Facebook page.http://www.helsinkitimes.fi/finland/finland-news/domestic/13104-op-hit-by-another-denial-of-service-attack.html1/5/2015Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
2015-047WHID 2015-047: Finnish bank takes cricket bat to wave after wave of DDoS varmintsFinnish bank OP is continuing to fight off a cascading series of distributed denial of service (DDoS) attacks that began on New Year's Eve.http://www.theregister.co.uk/2015/01/05/finnish_bank_ddos/1/5/2015Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
2013-127WHID 2013-127: Burger King Twitter account hacked, defacedThe Twitter account associated with the fast-food chain Burger King was suspended after an apparent hack defaced the page with messages that the account had been sold to McDonald's.http://www.cnet.com/news/burger-king-twitter-account-hacked-defaced/2/18/2013Brute ForceInsufficient AuthenticationAccount TakeoverSocial
2013-125WHID 2013-125: Facebook says social network hackedIn a post by Facebook's security team, the company said the attack happened after some employees went to a mobile developer's website, which turned out to be compromised. "The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops," Facebook said.http://www.marketwatch.com/story/facebook-says-social-network-hacked-2013-02-152/15/2013UnknownUnknownPlanting of MalwareTechnology
2013-124WHID 2013-124: Chinese hacker arrested after extorting $32K from web companiesA 24-year-old Chinese man was arrested after authorities learned he had amassed $32,000 to purchase in-game MMO equipment by extorting internet companieshttp://www.polygon.com/2013/2/11/3975814/chinese-hacker-arrested-after-extorting-32k-from-web-companies2/11/2013UnknownUnknownDowntimeGaming
2013-123WHID 2013-123: Yahoo! hacked in New Zealand through WordPress vulnerabilityTelecom New Zealand outsources its Xtra email service to Yahoo!, which in turn uses an old and unpatched version of WordPress to host the service.http://www.smartcompany.com.au/technology/information-technology/30276-yahoo-hacked-in-new-zealand-through-wordpress-vulnerability.html#2/11/2013UnknownUnknownAccount TakeoverHosting ProvidersWordPress
2013-122WHID 2013-122: E-banking theft: Hackers steal Rs 2.5LAn unknown cyber criminal allegedly hacked into the NRI bank account of Savio Joao Piedade Clemente from Borda, Margao, on January 29 and fraudulently withdrew 2.5 lakh from it.http://timesofindia.indiatimes.com/city/goa/E-banking-theft-Hackers-steal-Rs-2-5L/articleshow/18423221.cms2/10/2013Banking TrojanInsufficient Process ValidationMonetary LossFinance
2013-121WHID 2013-121: Hackers target Alabama Criminal Justice Information Center websiteA hack of the Alabama Criminal Justice Information Center’s public website is now the subject of a criminal investigation, according to the Alabama Department of Homeland Security.http://blog.al.com/montgomery/2013/02/hackers_target_alabama_crimina.html2/6/2013UnknownUnknownDisinformationGovernment
2013-120WHID 2013-120: Hackers access bankers' info on Fed websiteMore than 4,000 bank executives had their personal information published on the Internet by hackers who accessed the data on an internal Federal Reserve website, according to a Reuters report.http://www.usatoday.com/story/money/business/2013/02/06/federal-reserves-website-hacked/1896843/2/6/2013SQL InjectionImproper Input HandlingLeakage of InformationGovernment
2013-119WHID 2013-119: Energy Department hacked, says no classified data was compromisedThe Department of Energy's electronics network was attacked by hackers in mid-January but no classified data was compromised, the agency said in a letter to employees.http://articles.chicagotribune.com/2013-02-04/news/sns-rt-us-usa-cybersecurity-doebre9130zl-20130204_1_state-department-cables-energy-department-wikileaks2/4/2013UnknownUnknownLeakage of InformationGovernment
2013-118WHID 2013-118: Malware warnings block Google Chrome users from some sites after website hackedMalware warnings were halting Internet users from visiting popular sites across the Internet on Monday morning, including some websites owned by The Saratogian's parent company, Digital First Media, after a Silicon Valley advertising company had it website hacked. The company said Monday that its ads were not infected with any virus, so other sites were safe.http://www.saratogian.com/general-news/20130204/malware-warnings-block-google-chrome-users-from-some-sites-after-website-hacked2/4/2013UnknownUnknownPlanting of MalwareMultiple
2013-117WHID 2013-117: Amid Iraqi protests, hackers hit Maliki's websiteIraq's Prime Minister Nuri al-Maliki is facing protests from Sunni Muslims, an oil dispute with the Kurdistan region and turmoil in his own government. Now hackers have attacked his website to brand him a tyrant.http://www.reuters.com/article/2013/02/02/us-iraq-protests-idUSBRE91104C201302022/2/2013UnknownUnknownDefacementGovernment
2013-116WHID 2013-116: Twitter: Hackers hit 250,000 accountsTwitter confirmed Friday that it had become the latest victim in a number of high-profile cyber-attacks against media companies, saying that hackers may have gained access to information on 250,000 of its more than 200 million active users.http://www.usatoday.com/story/tech/2013/02/01/twitter-hackers-china-us/1885347/2/2/2013UnknownUnknownLeakage of InformationSocial
2013-115WHID 2013-115: Yahoo Mail users still seeing accounts hacked via XSS exploitYahoo Mail users are once again having their accounts compromised in attacks that are very similar to the ones seen just a few weeks ago. Attackers are gaining access after leveraging a flaw in the company’s YDN blog page by means of a link sent to victims’ inboxes.http://thenextweb.com/insider/2013/01/31/yahoo-mail-users-still-seeing-accounts-hacked-via-xss-exploit-amid-reports-yahoo-failed-to-fix-old-flaw/1/31/2013Cross-site Scripting (XSS)Improper Output HandlingAccount TakeoverTechnology
2013-114WHID 2013-114: Yahoo Mail users hit by widespread hacking, XSS exploit seemingly to blameLate last night reports started coming in suggesting that Yahoo Mail users have had their accounts hacked. While “hacked” is a very broad term nowadays, it does appear that Yahoo email accounts are being compromised after users click on a malicious link they receive in their inboxes.http://thenextweb.com/insider/2013/01/07/yahoo-mail-users-hit-by-widespread-hacking-xss-exploit-seemingly-to-blame/1/7/2013Cross-site Scripting (XSS)Improper Output HandlingAccount TakeoverTechnology
2013-113WHID 2013-113: Patelco Confirms Five-Hour DDoS TakedownLast Thursday, the main member-facing Patelco website was down for around five hours, said Patelco CEO Ken Burns in an interview Tuesday.http://www.cutimes.com/2013/01/29/patelco-confirms-five-hour-ddos-takedown1/29/2013Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
2013-112WHID 2013-112: RubyGems.org hacked, interrupting Heroku services and putting sites using Rails at riskA user uploaded a malicious gem that contained a malicious gem manifest (YAML file). The manifest contained embedded Ruby with this payload. This is the only known incident involving this vulnerability, but the vulnerability involved is a remote code execution exploit, so the usual rules apply.http://venturebeat.com/2013/01/30/rubygems-org-hacked-interrupting-heroku-services-and-putting-millions-of-sites-using-rails-at-risk/1/30/2013Code InjectionImproper Input HandlingLeakage of InformationTechnology
2013-111WHID 2013-111: Rogue Payday loan brokers hacking websites to increase website trafficAn investigation by Sky News has revealed that some Payday loan brokers have been involved in hacking popular websites in order to increase their rankings on Google and the number of visitors to their siteshttp://www.financialreporter.co.uk/finance-news/rogue-payday-loan-brokers-hacking-websites-to-increase-website-traffic.html1/29/2013UnknownUnknownSPAM LinksMultiple
2013-110WHID 2013-110: Citizens Bank website brought down by Iranian hackersThe bank's website was down on Thursday because of what the bank called "a temporary disruption due to an unusually high volume of Internet traffic."http://www.wcvb.com/money/Citizens-Bank-website-brought-down-by-Iranian-hackers/182910481/26/2013Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
2013-109WHID 2013-109: Anonymous Hacks US Government Site, Threatens Supreme 'Warheads'The hacktivist group Anonymous hacked the U.S. federal sentencing website early Saturday, using the page to make a brazen and boisterous declaration of "war" on the U.S. government.http://mashable.com/2013/01/26/anonymous-hack-government-website-declares-war/1/26/2013UnknownUnknownDefacementGovernment
2013-108WHID 2013-108: Buy Way Hit by Extortionist Rex Mundi HackersHacker group Rex Mundi, which recently attempted to extort $15,000 from AmeriCash Advance and $50,000 from Drake International, now claim to have breached the servers of Belgian company Buy Wayhttp://www.esecurityplanet.com/hackers/buy-way-hit-by-extortionist-rex-mundi-hackers.html1/25/2013SQL InjectionImproper Input HandlingLeakage of InformationRetail
2013-107WHID 2013-107: Texas Credit Union Hit by DDoS AttackersUniversity Federal Credit Union, the $1.5 billion institution headquartered in Austin, Texas, confirmed Friday that it was taken down “for around two and one-half hours” on Thursday in a cyber attackhttp://www.cutimes.com/2013/01/25/texas-credit-union-hit-by-ddos-attackers?ref=hp1/25/2013Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
2013-106WHID 2013-106: After Ransom Request, Trading Firm Repelled Hacker AttacksThe last in a year-long series of hacker attacks on Henyep Capital Markets (UK) Ltd., an online trading platform, was quickly repelled last Octoberhttp://blogs.wsj.com/cio/2013/01/25/after-ransom-request-trading-firm-repelled-hacker-attacks/1/25/2013Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
2013-105WHID 2013-105: Web server hackers install rogue Apache modules and SSH backdoorsA group of hackers that are infecting Web servers with rogue Apache modules are also backdooring their SSH (Secure Shell) services in order to steal login credentials from administrators and users.http://www.infoworld.com/article/2612975/hacking/web-server-hackers-install-rogue-apache-modules-and-ssh-backdoors--researchers-say.html1/24/2013UnknownUnknownPlanting of MalwareMultiple
2013-104WHID 2013-104: Capital One Website Disrupted, Cyber Protestors Claim AttackThe website for Capital One was inaccessible for online banking customers for hours overnight, possibly the latest salvo in a long-running cyber protest targeting major Western financial institutions over an anti-Islam movie.http://abcnews.go.com/blogs/headlines/2013/01/capital-one-website-disrupted-cyber-protestors-claim-attack/1/24/2013Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
2013-103WHID 2013-103: More Zimbabwean bank websites hackedMetropolitan Bank, the hacking of whose website we reported here two days ago, were not the only local financial institution to suffer at the hands of site defacers in the past couple of weeks. - See more at: http://www.techzim.co.zw/2013/01/more-zimbabwean-bank-websites-hacked-mbca-tetrad-and-others/#sthash.DMxZ56S1.dpufhttp://www.techzim.co.zw/2013/01/more-zimbabwean-bank-websites-hacked-mbca-tetrad-and-others/1/24/2013UnknownUnknownDefacementFinance
2013-102WHID 2013-102: Sri Lanka govt Web sites hit in spate of attacksA hacker on Tuesday breached the Web site of Sri Lanka Port Authority (SLPA), and also attacked and leaked the Web sites of two Sri Lankan TV channels and the Bureau of Foreign Employment over the last weekend.http://www.zdnet.com/article/sri-lanka-govt-web-sites-hit-in-spate-of-attacks/1/23/2013UnknownUnknownDefacementGovernment
2013-101WHID 2013-101: Hackers steal thousands from Vancouver churchIt’s very likely that hackers were simply using a banking trojan in a consumer-focused info-stealing campaign and just happened to ensnare the church’s account details from the home computer. http://www.infosecurity-magazine.com/news/hackers-steal-thousands-from-vancouver-church/1/22/2013Banking TrojanInsufficient Process ValidationMonetary LossFinance
2013-100WHID 2013-100: UNSW confirms hacking breachThe University of NSW has been the target of a "concerted effort" to hack its systems in December and January forcing the shutdown of 25 of its servers, a spokesman confirmed.http://www.theage.com.au/it-pro/security-it/unsw-confirms-hacking-breach-20130121-2d272.html1/21/2013UnknownUnknownDowntimeEducation
2013-099WHID 2013-099: Metropolitan Bank website hackedWe’re gathering that the websites belonging to Zimbabwean bank, Metropolitan Bank (www.metbank.co.zw) was defaced and subsequently taken down ‘for maintenance’. - See more at: http://www.techzim.co.zw/2013/01/metropolitan-bank-website-hacked/#sthash.9ykIzLxt.dpufhttp://www.techzim.co.zw/2013/01/metropolitan-bank-website-hacked/1/21/2013UnknownUnknownDefacementFinance
2013-098WHID 2013-098: Altech website hackedAustralian distributor Altech Computers fell victim to a hacking attack on Sunday after attackers gained access to a page on the company’s website and uploaded images of a pornographic nature.http://www.crn.com.au/News/329486,altech-website-hacked-replaced-with-porn.aspx1/21/2013UnknownUnknownDefacementTechnology
2013-097WHID 2013-007: Phys.Org Hacked, serving up malwarePhys.Org admitted it was hacked, but says there is no threat. Chrome and Firefox via Google are blocking the malware "attack" site, but Bing and IE do nothing to warn users that "this site may harm your computer."http://www.networkworld.com/article/2223853/microsoft-subnet/phys-org-hacked--serving-up-malware--google-blocks-site--but-bing-doesn-t.html1/16/2013UnknownUnknownPlanting of MalwareEducation
2013-096WHID 2013-096: Hackers Disrupt Mexican Defense Ministry’s WebsiteHackers claimed a cyberattack on the Mexican defense ministry website on Jan. 16, posting a manifesto from the Zapatista rebel group for two hours.http://www.defensenews.com/article/20130117/DEFREG02/301170013/Hackers-Disrupt-Mexican-Defense-Ministry-8217-s-Website?odyssey=nav%7Chead1/17/2013UnknownUnknownDefacementGovernment
2013-095WHID 2013-095: EMG website hacked by Red ArmyThe webpage, http://news-eleven.com, of Eleven Media Group has today been hacked by Red Army (a combination of six different hacker groups namely Blink Hacker Group, Myanmar Hack3rs Unite4m, Myanmar Cyber Army, Black Hack Area, Myanmar Cyber Defence Army, and Cyber Vampire Team).http://www.nationmultimedia.com/breakingnews/EMG-website-hacked-by-Red-Army-30198022.html1/16/2013UnknownUnknownDefacementMedia
2013-094WHID 2013-094: Culture Ministry website hacked by "Bad Piggies"The official website of the Cultural Ministry was still off the air on Wednesday, as police continued to hunt for hackers who tampered with the website yesterday and again today.http://www.nationmultimedia.com/national/Culture-Ministry-website-hacked-by-Bad-Piggies-30198031.html1/16/2013UnknownUnknownDefacementGovernment
2015-046WHID 2015-046: PhonCert HackedDB Dumphttp://siph0n.net/exploits.php?id=36761/31/2015SQL InjectionImproper Input HandlingLeakage of InformationEntertainment
2015-045WHID 2015-045: Women's Resource Centre website hacked by people claiming to support IsisAfter the hacking last week, the umbrella body has been unable to restore its website to working order, and does not know why it has been targetedhttp://www.thirdsector.co.uk/womens-resource-centre-website-hacked-people-claiming-support-isis/communications/article/13316841/30/2015UnknownUnknownDefacementPolitics
2015-044WHID 2015-044: Website of Bulgaria's Energy Watchdog HackedHackers have taken down the website of DKEVR, the Bulgarian energy regulator. - See more at: http://www.novinite.com/articles/165828/Website+of+Bulgaria%27s+Energy+Watchdog+Hacked#sthash.zKOcddf7.dpufhttp://www.novinite.com/articles/165828/Website+of+Bulgaria%27s+Energy+Watchdog+Hacked1/8/2015UnknownUnknownDefacementGovernment
2015-043WHID 2015-042: Higher Education Commission Pakistan HackedDB Dumphttp://siph0n.net/exploits.php?id=36701/29/2015SQL InjectionImproper Input HandlingLeakage of InformationEducation
2013-089WHID 2013-089: Some University of Washington websites hackedA group of University of Washington websites was hacked Thursday morning, and pages were replaced by an extremist message that promised death to Americans in Iraq.http://q13fox.com/2013/01/29/some-university-of-washington-websites-hacked-extremist-group-claims-responsibility/1/27/2013UnknownUnknownDefacementEducation
2013-088WHID 2013-088: Top adult site xhamster victim of large malvertising campaignWe are observing a particular large malvertising campaign in progress from popular adult site xhamster[.]com, a site that boasts half a billion visits a month.https://blog.malwarebytes.org/exploits-2/2013/01/top-adult-site-xhamster-victim-of-large-malvertising-campaign/1/27/2013UnknownUnknownPlanting of MalwareAdult
2013-087WHID 2013-097: Taylor Swift hacked on Twitter and InstagramTaylor Swift may be the victim of a recent hack on both of her confirmed Twitter and Instagram accounts. The now-deleted tweets tag Twitter users @Veriuser and @Lizzard and encourages her fans to follow them.http://mashable.com/2013/01/27/taylor-swift-hack/1/27/2013UnknownUnknownAccount TakeoverSocial
2015-042WHID 2015-042: Rex Mundi dumps more data after another entity doesn’t pay extortion demandsLast week, we hacked the servers of Temporis, allegedly France’s largest network of franchised temp work agencies (www.temporis-franchise.fr). http://www.databreaches.net/rex-mundi-dumps-more-data-after-another-entity-doesnt-pay-extortion-demands/1/27/2015SQL InjectionImproper Input HandlingLeakage of InformationRecruiting
2015-041WHID 2015-041: Victor Valley College hit by computer security breachThe entire Victor Valley College Information Technology Department has been placed on paid administrative leave while campus police and an outside company investigate a breach in security protocol, President Roger Wagner said Thursday.http://www.databreaches.net/ca-victor-valley-college-hit-by-computer-security-breach-entire-it-dept-put-on-leave/1/31/2015SQL InjectionImproper Input HandlingLeakage of InformationEducation
2015-040WHID 2015-040: oklahomacounty.org hackedDB Dump on PasteBinhttp://pastebin.com/0ekAGZWs1/25/2015SQL InjectionImproper Input HandlingLeakage of InformationGovernment
2013-083WHID 2013-083: Malaysia Airlines website hacked by 'Cyber Caliphate'In a post on its Facebook account, the airline denied its internal servers, which contain passenger information, had been compromised. It said its Domain Name System (DNS) had instead been hijacked, with users redirected to the hackers' website.http://www.cnn.com/2013/01/25/asia/malaysia-airlines-website-hacked/1/26/2013DNS HijackingInsufficient Process ValidationDefacementTransportation
2015-039WHID 2015-039: ValidDumps.RU Full User Database DumpDB Dumphttp://siph0n.net/exploits.php?id=36681/22/2015SQL InjectionImproper Input HandlingLeakage of InformationHacker Site
2015-038WHID 2015-038: FreshFiction DB DumpedDB Dump on PasteBinhttp://pastebin.com/ZGfRR7mL1/24/2015SQL InjectionImproper Input HandlingLeakage of InformationMedia
2015-037WHID 2015-037: Bitcoin news website Coinfire and its Twitter account hacked“Well, looks like the XPY supporters got what they wanted. They logged in to our domain registrar account and had our domain taken away from us,” he added.http://www.hackread.com/bitcoin-news-website-coinfire-website-twitter-hacked/1/26/2015DNS HijackingInsufficient Process ValidationDefacementMedia
2015-036WHID 2015-036: Government of Nepal /Nepal Department of Transportation HackedDB Dumphttp://siph0n.net/exploits.php?id=36651/19/2015SQL InjectionImproper Input HandlingLeakage of InformationGovernment
2013-078WHID 2013-078: Nigeria: DHQ Blogsite HackedThe Defence Headquarters (DHQ)' information blog site, defenceinfo.mil.ng, that was hacked into in the early hours of Friday, 23 January, 2013 has been restored to full operation.http://allafrica.com/stories/201301250109.html1/24/2013UnknownUnknownDefacementGovernment
2015-035WHID 2015-035: U. Chicago hackedIt appears we should add the University of Chicago to schools hacked by Carbonic. And yes, chalk it up to another SQLi vulnerability.http://www.databreaches.net/u-chicago-hacked-by-teamcarbonic-claim/1/24/2015SQL InjectionImproper Input HandlingLeakage of InformationEducation
2015-034WHID 2015-034: Ghana government websites targeted by hackersThe majority of the Ghanaian government's websites, including its main site, have been hacked and are currently offline.http://www.bbc.com/news/world-africa-309140001/21/2015UnknownUnknownDefacementGovernment
2015-033WHID 2015-033: Le Monde hacked: 'Je ne suis pas Charlie' writes Syrian Electronic ArmyHackers from the Syrian Electronic Army, which supports Syrian President Bashar al-Assad, broke into the Twitter account of Le Monde overnight, the newspaper confirmed on Wednesday.http://www.telegraph.co.uk/news/worldnews/europe/france/11359732/Le-Monde-hacked-Je-ne-suis-pas-Charlie-writes-Syrian-Electronic-Army.html1/21/2015UnknownUnknownAccount TakeoverSocial
2013-074WHID 2013-074: Russian Dating Site Topface Hacked for 20 Million User NamesUser names and e-mail addresses of 20 million visitors to a Russia-based online dating service have been hacked and offered for sale on a website, according to fraud-detection software-maker Easy Solutions Inc.http://www.bloomberg.com/news/articles/2013-01-25/hacker-steals-20-million-passwords-from-unidentified-dating-site1/25/2013SQL InjectionImproper Input HandlingLeakage of InformationSocial
2015-032WHID 2015-032: Alleged Islamic hackers target NZ websitesAt least two New Zealand websites have been hacked and defaced by a group calling themselves the 'Team Muslim Cyberforce'.http://www.stuff.co.nz/technology/digital-living/65198165/islamic-hackers-target-nz-websites1/19/2015UnknownUnknownDefacementNon-Profit
2015-031WHID 2015-031: Aussie Travel Cover hack exposes details of 770,000 customersA major data breach has hit one of Australia's leading travel insurers, exposing details of three quarters of a million policy holders. But while the hack occurred last year, customers have remained in the dark.http://www.cnet.com/au/news/aussie-travel-cover-hack-exposes-customer-details/1/20/2015SQL InjectionImproper Input HandlingLeakage of InformationTravel
2015-030WHID 2015-030: philsacra.ust.edu.ph website hacked DB dumphttp://siph0n.net/exploits.php?id=36541/17/2015SQL InjectionImproper Input HandlingLeakage of InformationEducation
2013-070WHID 2013-070: Govt sites hacked on eve of SC cybercrime hearingOn the eve of the Supreme Court's hearing on the Anti-Cybercrime Act of 2012, hackers opposing the law defaced several government websites early Monday.http://www.gmanetwork.com/news/story/290139/scitech/technology/govt-sites-hacked-on-eve-of-sc-cybercrime-hearing1/14/2013UnknownUnknownDefacementGovernment
2013-069WHID 2013-089: Road Transport Corporation website hackedThe official website of the Andhra Pradesh State Road Transport Corporation (APSRTC) was defaced by suspected hackers from Bangladesh on Sundayhttp://timesofindia.indiatimes.com/city/hyderabad/Road-Transport-Corporation-website-hacked/articleshow/18012113.cms1/14/2013UnknownUnknownDefacementGovernment
2015-029WHID 2015-029: DDoS Attacks Slam Finnish BankPolice in Finland are investigating a series of distributed denial-of-service attacks against the country's OP Pohjola financial services group that have intermittently shut down online banking and direct debit serviceshttp://www.bankinfosecurity.com/ddos-attacks-slam-finnish-bank-a-77611/7/2015Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
2015-028WHID 2015-028: PowerPulse website hackedDB dumpedhttp://siph0n.net/exploits.php?id=36531/16/2015SQL InjectionImproper Input HandlingLeakage of InformationMedia
2015-027WHID 2015-027: Virginia county website defaced with Islamic State messageA Virginia county was the victim of a cyber attack where a group posted messages and videos praising ISIS, the rebel Islamic group that has leveled threats against the United States. - See more at: http://statescoop.com/virginia-county-website-defaced-islamic-state-messages/#sthash.C2MeEh4O.dpufhttp://statescoop.com/virginia-county-website-defaced-islamic-state-messages/1/20/2015UnknownUnknownDefacementGovernment
2015-026WHID 2015-026: Grill parts website experiences system intrusion, payment card breachFrom January 2014 to October 2014, cardholder data was exposed on three separate occasions for various lengths of time due to a cyber attack against Barbecue Renew's web server.http://www.scmagazine.com/grill-parts-website-experiences-system-intrusion-payment-card-breach/article/394116/1/23/2015SQL InjectionImproper Input HandlingLeakage of InformationRetail
2013-064WHID 2013-064: New York Post Confirms Twitter Accounts Were HackedThe New York Post said its Twitter account was hacked after messages were posted citing bogus breaking news about U.S. interest-rate policy and China firing missiles on a U.S. Navy ship.http://www.bloomberg.com/news/articles/2013-01-16/new-york-post-says-twitter-feed-hacked-after-fake-china-tweets1/16/2013UnknownUnknownAccount TakeoverSocial
2013-063WHID 2013-063: Lizard Lair HackedSomeone hacked LizardStresser[dot]su, the Web site the group uses to coordinate attacks and sell subscriptions to its attacks-for-hire service.https://krebsonsecurity.com/2013/01/another-lizard-arrested-lizard-lair-hacked/1/15/2013SQL InjectionImproper Input HandlingLeakage of InformationRetail
2015-025WHID 2015-025: Hacker breached Metropolitan State University database with personal infoIn a campuswide e-mail Friday, interim president Devinder Malhotra wrote that a computer hacker apparently got “unauthorized access” to the university database in mid-December, and that investigators are still trying to determine the scope of the data breach.http://www.databreaches.net/mn-hacker-breached-metropolitan-state-university-database-with-pe-rsonal-info/1/16/2015SQL InjectionImproper Input HandlingLeakage of InformationEducation
2015-024WHID 2015-024: FREE SYRIAN HACKERS HACKS OHIO CITY’S WEBSITEFree Syrian Hacker Dr.SHA6H hacked and defaced the official Ohio City Website of Perrysburg. He left a message to the defaced page with a message bashing the governments of the world for not solving the Syrian Crisis.https://www.hackread.com/ohio-city-website-hacked-by-free-syrian-hacker/1/17/2015UnknownUnknownDefacementGovernment
2015-023WHID 2015-023: 19,000 French websites hit by DDoS, defaced in wake of terror attackSince the three day terror attack that started in France on January 7 with the attack on satirical newspaper Charlie Hebdo, 19,000 websites of French-based companies have been targeted by cyber attackers, AP reports.http://www.net-security.org/secworld.php?id=178321/16/2015Denial of ServiceInsufficient Anti-AutomationDowntimeMedia
2015-022WHID 2015-022: Aqua Marine Boat website hackedDB dumped on PasteBinhttp://pastebin.com/ApnT0YcX1/13/2015SQL InjectionImproper Input HandlingLeakage of InformationRetail
2015-021WHID 2015-021: BigBlueInteractive HackedZyklon dumpts DBhttp://www.databreaches.net/and-then-i-stumbled-across-these-hacks-by-zyklon/1/14/2015SQL InjectionImproper Input HandlingLeakage of InformationMedia
2015-020WHID 2015-020: PasteBin DB Dump from lehlel.comlehlel.com was hacked and DB dumpedhttp://pastebin.ca/29061071/14/2015SQL InjectionImproper Input HandlingLeakage of InformationSocial
2015-019WHID 2015-019: Payment cards targeted in attack on pet supplies websiteTennessee-based ValuePetSupplies.com is notifying several thousand customers that unauthorized persons accessed its servers and installed malicious files to capture personal information – including payment card data – entered into its website.http://www.scmagazine.com/payment-cards-targeted-in-attack-on-pet-supplies-website/article/392821/1/16/2015UnknownUnknownLeakage of InformationRetail
2013-055WHID 2013-055: Boomerang Rentals Issues Statement Following Alleged Security BreachUK-based Boomerang Rentals, a videogame rental service, issued a statement Monday, January 12th, following earlier allegations that customer information had been compromised.http://www.gamebrit.com/2013/01/12/boomerang-rentals-uk-issues-statement-following-alleged-hack-security-breach-game-rental/1/12/2013SQL InjectionImproper Input HandlingLeakage of InformationGaming
2015-018WHID 2015-018: Notepad++ Releases “Je suis Charlie” Edition, Website Gets DefacedThe website of the open-source text editor Notepad++ has been defaced by an Islamist hacking group because the developer released a “Je suis Charlie” edition of the software.http://news.softpedia.com/news/Notepad-plus-plus-Releases-Je-suis-Charlie-Edition-Website-Gets-Defaced-469956.shtml1/14/2015UnknownUnknownDefacementTechnology
2013-053WHID 2013-053: Crayola apologizes for Facebook page hackThe Crayola Facebook page was posting things far more risqué than crayons this past weekend. Unknown hackers took control of the Crayola social media webpage and posted dozens of links to R-rated sites and sexual jokes.http://www.usatoday.com/story/news/nation-now/2013/01/12/crayola-facebook-page-hack/21640887/1/12/2013UnknownUnknownAccount TakeoverSocial
2015-017WHID 2015-017: Thousands of American and United airlines accounts hacked, with thieves booking dozens of free tripsThe hackers stole usernames and passwords from a third party source and logged into thousands of accounts. The source of the leak is being investigated as the airlines work to pay back the hacked customers.http://www.nydailynews.com/news/national/thousands-american-united-airlines-accounts-hacked-article-1.20751621/12/2015SQL InjectionImproper Input HandlingLeakage of InformationTransportation
2013-051WHID 2013-051: CENTCOM Twitter account hacked, suspendedThe Twitter account for U.S. Central Command was suspended Monday after it was hacked by ISIS sympathizers -- but no classified information was obtained and no military networks were compromised, defense officials said.http://www.cnn.com/2013/01/12/politics/centcom-twitter-hacked-suspended/1/12/2013Brute ForceInsufficient Anti-AutomationAccount TakeoverSocial
2015-016WHID 2015-016: Bundaberg Library website used as hacker's billboardPOLICE are investigating after the Bundaberg Regional Libraries website was hacked by a Syrian activist.http://www.news-mail.com.au/news/library-website-a-hackers-billboard/2508740/1/13/2015UnknownUnknownDefacementGovernment
Web Hacking Incident Database (WHID)
Form Responses 1