Web Hacking Incident Database (WHID) - Current
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
Still loading...
WHID IDEntry TitleIncident DescriptionReferenceDate OccurredAttack MethodApplication WeaknessOutcomeAttacked Entity FieldAttacked Entity GeographyMass AttackMass Attack NameNumber of Sites AffectedAttack Source GeographyAttacked System TechnologyCostItems LeakedNumber of RecordsAdditional Link
2015-063WHID 2015-063: Hong Kong Free Press hit by denial-of-service attack weeks before launch
Hong Kong Free Press, an independent news website set up to counter falling press freedom in the territory, has been hit by a denial-of-service attack before the platform has launched
http://www.mumbrella.asia/2015/06/hong-kong-free-press-hit-by-denial-of-service-attack-before-launch/6/3/2015Denial of ServiceInsufficient Anti-AutomationDowntimeMedia
2015-062WHID 2015-062: Businessman Loses $240,000 to Hackers
A targeted attack on a businessman from Mahwah, New Jersey, caused the victim a financial loss of $240,000 / €215,000, through a bank transfer request that appeared legitimate to the financial institution.
http://news.softpedia.com/news/Businessman-Loses-240-000-to-Hackers-483098.shtml6/2/2015Banking TrojanInsufficient AuthenticationMonetary LossFinance
2015-061WHID 2015-061: Local websites hacked after a brute force attack
Web Design 309, a local web design firm, says the hackers used a brute force attack to break into a local server, using millions of password combinations at the same time until one of them worked.
http://www.cinewsnow.com/news/local/Local-websites-hacked-after-a-brute-force-attack-305933091.html6/2/2015Brute ForceInsufficient Anti-AutomationAccount TakeoverTechnology
2015-060WHID 2015-060: Hackers attack Huffington Post, other sites, with malware-laced ads
The Huffington Post and several major websites displayed malware-laced advertisements that infected computers and locked them down.
2015-059WHID 2015-059: 'Self-XSS' flaw in found Microsoft Dynamics CRM
A flaw discovered in Microsoft's Dynamics CRM could allow remote hackers to trick a logged-in user into inserting malicious code within input fields on vulnerable websites.
http://www.zdnet.com/article/self-xss-flaw-in-microsoft-dynamics-crm-discovered/1/8/2015Cross-site Scripting (XSS)Improper Output HandlingAccount TakeoverTechnology
2015-058WHID 2015-058: Stealthy 'XOR.DDoS' trojan infects Linux systems, installs rootkit
A newly discovered trojan is infecting Linux systems and possibly building up an arsenal of devices to be used in distributed denial-of-service (DDoS) attacks
http://www.scmagazine.com/malware-targets-linux-and-arm-architecture/article/391497/1/7/2015Brute ForceInsufficient Anti-AutomationBotnet RecruitmentMultiple
2015-057WHID 2015-057: Hackers with ties to Islamic State group take over Buena Park nonprofit's website
Giving Children Hope, a nonprofit that delivers aid to children and families in need around the world, had its website hacked by a group identifying itself as Team System Dz, an Islamic State sympathizer.
2015-056WHID 2015-056: Bulgarian Energy Regulator’s Website Hacked
Initially the cyberattack had only affected the homepage of www.dker.bg, with access to the site being restricted completely at around 9.30 AM CET on Thursday
2015-055WHID 2015-055: Merkel website hacked ahead of visit by Ukrainian premier
A German official says Chancellor Angela Merkel's website and several other German government sites have been blocked, and a pro-Russian organization has claimed responsibility.
http://www.utsandiego.com/news/2015/jan/07/merkel-website-hacked-ahead-of-visit-by-ukrainian/1/7/2015Denial of ServiceInsufficient Anti-AutomationDowntimeGovernment
2015-054WHID 2015-054: Md. station's Twitter, website hacked by ISIS supporters
The Twitter account for WBOC, a Salisbury-based television station, was hijacked Tuesday by a hacker claiming to be sympathetic to the Islamic State terrorist group.
2015-053WHID 2015-053: Primary school website hacked by Islamic extremists
The homepage of Sowerby Community Primary School in Yorkshire was taken over by messages of hate against America and Israel
2015-052WHID 2015-052: iCloud hole closed following brute force attack
A hole in iCloud's security allowed attackers to access any iCloud account via a brute force attack that side-stepped blocks - but it is now reported to have been patched.
http://www.scmagazineuk.com/icloud-hole-closed-following-brute-force-attack/article/390822/1/5/2015Brute ForceInsufficient Anti-AutomationLeakage of InformationTechnology
2015-051WHID 2015-051: Weasel Zippers attacked, taken down for 12 hoursDDoS attack for 12 hours.http://www.americanthinker.com/blog/2015/01/weasel_zippers_attacked_taken_down_for_12_hours.html1/6/2015Denial of ServiceInsufficient Anti-AutomationDowntimePolitics
2015-050WHID 2015-050: University Of Cape CoastOfficial Website Hacked
The official website of the University Of Cape Coast has been taken down
2015-049WHID 2015-049: Bitstamp exchange hacked, $5M worth of bitcoin stolen
The European bitcoin exchange suspends its service after it was hacked, ZDNet can confirm. Less than 19,000 bitcoins were stolen from an operational wallet.
http://www.zdnet.com/article/bitstamp-bitcoin-exchange-suspended-amid-hack-concerns-heres-what-we-know/1/5/2015UnknownUnknownMonetary LossFinance
2015-048WHID 2015-048: OP hit by another denial of service attack
The second attack was detected on Sunday afternoon, only a couple of hours after the first attack had ended, according to an announcement posted by the financial services provider on its Facebook page.
http://www.helsinkitimes.fi/finland/finland-news/domestic/13104-op-hit-by-another-denial-of-service-attack.html1/5/2015Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
2015-047WHID 2015-047: Finnish bank takes cricket bat to wave after wave of DDoS varmints
Finnish bank OP is continuing to fight off a cascading series of distributed denial of service (DDoS) attacks that began on New Year's Eve.
http://www.theregister.co.uk/2015/01/05/finnish_bank_ddos/1/5/2015Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
2013-127WHID 2013-127: Burger King Twitter account hacked, defaced
The Twitter account associated with the fast-food chain Burger King was suspended after an apparent hack defaced the page with messages that the account had been sold to McDonald's.
http://www.cnet.com/news/burger-king-twitter-account-hacked-defaced/2/18/2013Brute ForceInsufficient AuthenticationAccount TakeoverSocial
http://www.fastcompany.com/3005965/200000-caymans-corporations-hacked-art-project2/15/2013ScrapingInsufficient Anti-AutomationLeakage of InformationFinance
2013-125WHID 2013-125: Facebook says social network hacked
In a post by Facebook's security team, the company said the attack happened after some employees went to a mobile developer's website, which turned out to be compromised. "The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops," Facebook said.
http://www.marketwatch.com/story/facebook-says-social-network-hacked-2013-02-152/15/2013UnknownUnknownPlanting of MalwareTechnology
2013-124WHID 2013-124: Chinese hacker arrested after extorting $32K from web companies
A 24-year-old Chinese man was arrested after authorities learned he had amassed $32,000 to purchase in-game MMO equipment by extorting internet companies
2013-123WHID 2013-123: Yahoo! hacked in New Zealand through WordPress vulnerability
Telecom New Zealand outsources its Xtra email service to Yahoo!, which in turn uses an old and unpatched version of WordPress to host the service.
http://www.smartcompany.com.au/technology/information-technology/30276-yahoo-hacked-in-new-zealand-through-wordpress-vulnerability.html#2/11/2013UnknownUnknownAccount TakeoverHosting ProvidersWordPress
2013-122WHID 2013-122: E-banking theft: Hackers steal Rs 2.5L
An unknown cyber criminal allegedly hacked into the NRI bank account of Savio Joao Piedade Clemente from Borda, Margao, on January 29 and fraudulently withdrew 2.5 lakh from it.
http://timesofindia.indiatimes.com/city/goa/E-banking-theft-Hackers-steal-Rs-2-5L/articleshow/18423221.cms2/10/2013Banking TrojanInsufficient Process ValidationMonetary LossFinance
2013-121WHID 2013-121: Hackers target Alabama Criminal Justice Information Center website
A hack of the Alabama Criminal Justice Information Center’s public website is now the subject of a criminal investigation, according to the Alabama Department of Homeland Security.
2013-120WHID 2013-120: Hackers access bankers' info on Fed website
More than 4,000 bank executives had their personal information published on the Internet by hackers who accessed the data on an internal Federal Reserve website, according to a Reuters report.
http://www.usatoday.com/story/money/business/2013/02/06/federal-reserves-website-hacked/1896843/2/6/2013SQL InjectionImproper Input HandlingLeakage of InformationGovernment
2013-119WHID 2013-119: Energy Department hacked, says no classified data was compromised
The Department of Energy's electronics network was attacked by hackers in mid-January but no classified data was compromised, the agency said in a letter to employees.
http://articles.chicagotribune.com/2013-02-04/news/sns-rt-us-usa-cybersecurity-doebre9130zl-20130204_1_state-department-cables-energy-department-wikileaks2/4/2013UnknownUnknownLeakage of InformationGovernment
2013-118WHID 2013-118: Malware warnings block Google Chrome users from some sites after website hacked
Malware warnings were halting Internet users from visiting popular sites across the Internet on Monday morning, including some websites owned by The Saratogian's parent company, Digital First Media, after a Silicon Valley advertising company had it website hacked. The company said Monday that its ads were not infected with any virus, so other sites were safe.
http://www.saratogian.com/general-news/20130204/malware-warnings-block-google-chrome-users-from-some-sites-after-website-hacked2/4/2013UnknownUnknownPlanting of MalwareMultiple
2013-117WHID 2013-117: Amid Iraqi protests, hackers hit Maliki's website
Iraq's Prime Minister Nuri al-Maliki is facing protests from Sunni Muslims, an oil dispute with the Kurdistan region and turmoil in his own government. Now hackers have attacked his website to brand him a tyrant.
2013-116WHID 2013-116: Twitter: Hackers hit 250,000 accounts
Twitter confirmed Friday that it had become the latest victim in a number of high-profile cyber-attacks against media companies, saying that hackers may have gained access to information on 250,000 of its more than 200 million active users.
http://www.usatoday.com/story/tech/2013/02/01/twitter-hackers-china-us/1885347/2/2/2013UnknownUnknownLeakage of InformationSocial
2013-115WHID 2013-115: Yahoo Mail users still seeing accounts hacked via XSS exploit
Yahoo Mail users are once again having their accounts compromised in attacks that are very similar to the ones seen just a few weeks ago. Attackers are gaining access after leveraging a flaw in the company’s YDN blog page by means of a link sent to victims’ inboxes.
http://thenextweb.com/insider/2013/01/31/yahoo-mail-users-still-seeing-accounts-hacked-via-xss-exploit-amid-reports-yahoo-failed-to-fix-old-flaw/1/31/2013Cross-site Scripting (XSS)Improper Output HandlingAccount TakeoverTechnology
2013-114WHID 2013-114: Yahoo Mail users hit by widespread hacking, XSS exploit seemingly to blame
Late last night reports started coming in suggesting that Yahoo Mail users have had their accounts hacked. While “hacked” is a very broad term nowadays, it does appear that Yahoo email accounts are being compromised after users click on a malicious link they receive in their inboxes.
http://thenextweb.com/insider/2013/01/07/yahoo-mail-users-hit-by-widespread-hacking-xss-exploit-seemingly-to-blame/1/7/2013Cross-site Scripting (XSS)Improper Output HandlingAccount TakeoverTechnology
2013-113WHID 2013-113: Patelco Confirms Five-Hour DDoS Takedown
Last Thursday, the main member-facing Patelco website was down for around five hours, said Patelco CEO Ken Burns in an interview Tuesday.
http://www.cutimes.com/2013/01/29/patelco-confirms-five-hour-ddos-takedown1/29/2013Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
2013-112WHID 2013-112: RubyGems.org hacked, interrupting Heroku services and putting sites using Rails at risk
A user uploaded a malicious gem that contained a malicious gem manifest (YAML file). The manifest contained embedded Ruby with this payload. This is the only known incident involving this vulnerability, but the vulnerability involved is a remote code execution exploit, so the usual rules apply.
http://venturebeat.com/2013/01/30/rubygems-org-hacked-interrupting-heroku-services-and-putting-millions-of-sites-using-rails-at-risk/1/30/2013Code InjectionImproper Input HandlingLeakage of InformationTechnology
2013-111WHID 2013-111: Rogue Payday loan brokers hacking websites to increase website traffic
An investigation by Sky News has revealed that some Payday loan brokers have been involved in hacking popular websites in order to increase their rankings on Google and the number of visitors to their sites
http://www.financialreporter.co.uk/finance-news/rogue-payday-loan-brokers-hacking-websites-to-increase-website-traffic.html1/29/2013UnknownUnknownSPAM LinksMultiple
2013-110WHID 2013-110: Citizens Bank website brought down by Iranian hackers
The bank's website was down on Thursday because of what the bank called "a temporary disruption due to an unusually high volume of Internet traffic."
http://www.wcvb.com/money/Citizens-Bank-website-brought-down-by-Iranian-hackers/182910481/26/2013Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
2013-109WHID 2013-109: Anonymous Hacks US Government Site, Threatens Supreme 'Warheads'
The hacktivist group Anonymous hacked the U.S. federal sentencing website early Saturday, using the page to make a brazen and boisterous declaration of "war" on the U.S. government.
2013-108WHID 2013-108: Buy Way Hit by Extortionist Rex Mundi Hackers
Hacker group Rex Mundi, which recently attempted to extort $15,000 from AmeriCash Advance and $50,000 from Drake International, now claim to have breached the servers of Belgian company Buy Way
http://www.esecurityplanet.com/hackers/buy-way-hit-by-extortionist-rex-mundi-hackers.html1/25/2013SQL InjectionImproper Input HandlingLeakage of InformationRetail
2013-107WHID 2013-107: Texas Credit Union Hit by DDoS Attackers
University Federal Credit Union, the $1.5 billion institution headquartered in Austin, Texas, confirmed Friday that it was taken down “for around two and one-half hours” on Thursday in a cyber attack
http://www.cutimes.com/2013/01/25/texas-credit-union-hit-by-ddos-attackers?ref=hp1/25/2013Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
2013-106WHID 2013-106: After Ransom Request, Trading Firm Repelled Hacker Attacks
The last in a year-long series of hacker attacks on Henyep Capital Markets (UK) Ltd., an online trading platform, was quickly repelled last October
http://blogs.wsj.com/cio/2013/01/25/after-ransom-request-trading-firm-repelled-hacker-attacks/1/25/2013Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
2013-105WHID 2013-105: Web server hackers install rogue Apache modules and SSH backdoors
A group of hackers that are infecting Web servers with rogue Apache modules are also backdooring their SSH (Secure Shell) services in order to steal login credentials from administrators and users.
http://www.infoworld.com/article/2612975/hacking/web-server-hackers-install-rogue-apache-modules-and-ssh-backdoors--researchers-say.html1/24/2013UnknownUnknownPlanting of MalwareMultiple
2013-104WHID 2013-104: Capital One Website Disrupted, Cyber Protestors Claim Attack
The website for Capital One was inaccessible for online banking customers for hours overnight, possibly the latest salvo in a long-running cyber protest targeting major Western financial institutions over an anti-Islam movie.
http://abcnews.go.com/blogs/headlines/2013/01/capital-one-website-disrupted-cyber-protestors-claim-attack/1/24/2013Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
2013-103WHID 2013-103: More Zimbabwean bank websites hacked
Metropolitan Bank, the hacking of whose website we reported here two days ago, were not the only local financial institution to suffer at the hands of site defacers in the past couple of weeks. - See more at: http://www.techzim.co.zw/2013/01/more-zimbabwean-bank-websites-hacked-mbca-tetrad-and-others/#sthash.DMxZ56S1.dpuf
2013-102WHID 2013-102: Sri Lanka govt Web sites hit in spate of attacks
A hacker on Tuesday breached the Web site of Sri Lanka Port Authority (SLPA), and also attacked and leaked the Web sites of two Sri Lankan TV channels and the Bureau of Foreign Employment over the last weekend.
2013-101WHID 2013-101: Hackers steal thousands from Vancouver church
It’s very likely that hackers were simply using a banking trojan in a consumer-focused info-stealing campaign and just happened to ensnare the church’s account details from the home computer.
http://www.infosecurity-magazine.com/news/hackers-steal-thousands-from-vancouver-church/1/22/2013Banking TrojanInsufficient Process ValidationMonetary LossFinance
2013-100WHID 2013-100: UNSW confirms hacking breach
The University of NSW has been the target of a "concerted effort" to hack its systems in December and January forcing the shutdown of 25 of its servers, a spokesman confirmed.
2013-099WHID 2013-099: Metropolitan Bank website hacked
We’re gathering that the websites belonging to Zimbabwean bank, Metropolitan Bank (www.metbank.co.zw) was defaced and subsequently taken down ‘for maintenance’. - See more at: http://www.techzim.co.zw/2013/01/metropolitan-bank-website-hacked/#sthash.9ykIzLxt.dpuf
2013-098WHID 2013-098: Altech website hacked
Australian distributor Altech Computers fell victim to a hacking attack on Sunday after attackers gained access to a page on the company’s website and uploaded images of a pornographic nature.
2013-097WHID 2013-007: Phys.Org Hacked, serving up malware
Phys.Org admitted it was hacked, but says there is no threat. Chrome and Firefox via Google are blocking the malware "attack" site, but Bing and IE do nothing to warn users that "this site may harm your computer."
http://www.networkworld.com/article/2223853/microsoft-subnet/phys-org-hacked--serving-up-malware--google-blocks-site--but-bing-doesn-t.html1/16/2013UnknownUnknownPlanting of MalwareEducation
2013-096WHID 2013-096: Hackers Disrupt Mexican Defense Ministry’s Website
Hackers claimed a cyberattack on the Mexican defense ministry website on Jan. 16, posting a manifesto from the Zapatista rebel group for two hours.
2013-095WHID 2013-095: EMG website hacked by Red Army
The webpage, http://news-eleven.com, of Eleven Media Group has today been hacked by Red Army (a combination of six different hacker groups namely Blink Hacker Group, Myanmar Hack3rs Unite4m, Myanmar Cyber Army, Black Hack Area, Myanmar Cyber Defence Army, and Cyber Vampire Team).
2013-094WHID 2013-094: Culture Ministry website hacked by "Bad Piggies"
The official website of the Cultural Ministry was still off the air on Wednesday, as police continued to hunt for hackers who tampered with the website yesterday and again today.
2015-046WHID 2015-046: PhonCert HackedDB Dumphttp://siph0n.net/exploits.php?id=36761/31/2015SQL InjectionImproper Input HandlingLeakage of InformationEntertainment
2015-045WHID 2015-045: Women's Resource Centre website hacked by people claiming to support Isis
After the hacking last week, the umbrella body has been unable to restore its website to working order, and does not know why it has been targeted
2015-044WHID 2015-044: Website of Bulgaria's Energy Watchdog Hacked
Hackers have taken down the website of DKEVR, the Bulgarian energy regulator. - See more at: http://www.novinite.com/articles/165828/Website+of+Bulgaria%27s+Energy+Watchdog+Hacked#sthash.zKOcddf7.dpuf
2015-043WHID 2015-042: Higher Education Commission Pakistan HackedDB Dumphttp://siph0n.net/exploits.php?id=36701/29/2015SQL InjectionImproper Input HandlingLeakage of InformationEducation
2013-089WHID 2013-089: Some University of Washington websites hacked
A group of University of Washington websites was hacked Thursday morning, and pages were replaced by an extremist message that promised death to Americans in Iraq.
2013-088WHID 2013-088: Top adult site xhamster victim of large malvertising campaign
We are observing a particular large malvertising campaign in progress from popular adult site xhamster[.]com, a site that boasts half a billion visits a month.
https://blog.malwarebytes.org/exploits-2/2013/01/top-adult-site-xhamster-victim-of-large-malvertising-campaign/1/27/2013UnknownUnknownPlanting of MalwareAdult
2013-087WHID 2013-097: Taylor Swift hacked on Twitter and Instagram
Taylor Swift may be the victim of a recent hack on both of her confirmed Twitter and Instagram accounts. The now-deleted tweets tag Twitter users @Veriuser and @Lizzard and encourages her fans to follow them.
http://mashable.com/2013/01/27/taylor-swift-hack/1/27/2013UnknownUnknownAccount TakeoverSocial
2015-042WHID 2015-042: Rex Mundi dumps more data after another entity doesn’t pay extortion demands
Last week, we hacked the servers of Temporis, allegedly France’s largest network of franchised temp work agencies (www.temporis-franchise.fr).
http://www.databreaches.net/rex-mundi-dumps-more-data-after-another-entity-doesnt-pay-extortion-demands/1/27/2015SQL InjectionImproper Input HandlingLeakage of InformationRecruiting
2015-041WHID 2015-041: Victor Valley College hit by computer security breach
The entire Victor Valley College Information Technology Department has been placed on paid administrative leave while campus police and an outside company investigate a breach in security protocol, President Roger Wagner said Thursday.
http://www.databreaches.net/ca-victor-valley-college-hit-by-computer-security-breach-entire-it-dept-put-on-leave/1/31/2015SQL InjectionImproper Input HandlingLeakage of InformationEducation
2015-040WHID 2015-040: oklahomacounty.org hackedDB Dump on PasteBinhttp://pastebin.com/0ekAGZWs1/25/2015SQL InjectionImproper Input HandlingLeakage of InformationGovernment
2013-083WHID 2013-083: Malaysia Airlines website hacked by 'Cyber Caliphate'
In a post on its Facebook account, the airline denied its internal servers, which contain passenger information, had been compromised. It said its Domain Name System (DNS) had instead been hijacked, with users redirected to the hackers' website.
http://www.cnn.com/2013/01/25/asia/malaysia-airlines-website-hacked/1/26/2013DNS HijackingInsufficient Process ValidationDefacementTransportation
2015-039WHID 2015-039: ValidDumps.RU Full User Database DumpDB Dumphttp://siph0n.net/exploits.php?id=36681/22/2015SQL InjectionImproper Input HandlingLeakage of InformationHacker Site
2015-038WHID 2015-038: FreshFiction DB DumpedDB Dump on PasteBinhttp://pastebin.com/ZGfRR7mL1/24/2015SQL InjectionImproper Input HandlingLeakage of InformationMedia
2015-037WHID 2015-037: Bitcoin news website Coinfire and its Twitter account hacked
“Well, looks like the XPY supporters got what they wanted. They logged in to our domain registrar account and had our domain taken away from us,” he added.
http://www.hackread.com/bitcoin-news-website-coinfire-website-twitter-hacked/1/26/2015DNS HijackingInsufficient Process ValidationDefacementMedia
2015-036WHID 2015-036: Government of Nepal /Nepal Department of Transportation HackedDB Dumphttp://siph0n.net/exploits.php?id=36651/19/2015SQL InjectionImproper Input HandlingLeakage of InformationGovernment
2013-078WHID 2013-078: Nigeria: DHQ Blogsite Hacked
The Defence Headquarters (DHQ)' information blog site, defenceinfo.mil.ng, that was hacked into in the early hours of Friday, 23 January, 2013 has been restored to full operation.
2015-035WHID 2015-035: U. Chicago hacked
It appears we should add the University of Chicago to schools hacked by Carbonic. And yes, chalk it up to another SQLi vulnerability.
http://www.databreaches.net/u-chicago-hacked-by-teamcarbonic-claim/1/24/2015SQL InjectionImproper Input HandlingLeakage of InformationEducation
2015-034WHID 2015-034: Ghana government websites targeted by hackers
The majority of the Ghanaian government's websites, including its main site, have been hacked and are currently offline.
2015-033WHID 2015-033: Le Monde hacked: 'Je ne suis pas Charlie' writes Syrian Electronic Army
Hackers from the Syrian Electronic Army, which supports Syrian President Bashar al-Assad, broke into the Twitter account of Le Monde overnight, the newspaper confirmed on Wednesday.
http://www.telegraph.co.uk/news/worldnews/europe/france/11359732/Le-Monde-hacked-Je-ne-suis-pas-Charlie-writes-Syrian-Electronic-Army.html1/21/2015UnknownUnknownAccount TakeoverSocial
2013-074WHID 2013-074: Russian Dating Site Topface Hacked for 20 Million User Names
User names and e-mail addresses of 20 million visitors to a Russia-based online dating service have been hacked and offered for sale on a website, according to fraud-detection software-maker Easy Solutions Inc.
http://www.bloomberg.com/news/articles/2013-01-25/hacker-steals-20-million-passwords-from-unidentified-dating-site1/25/2013SQL InjectionImproper Input HandlingLeakage of InformationSocial
2015-032WHID 2015-032: Alleged Islamic hackers target NZ websites
At least two New Zealand websites have been hacked and defaced by a group calling themselves the 'Team Muslim Cyberforce'.
2015-031WHID 2015-031: Aussie Travel Cover hack exposes details of 770,000 customers
A major data breach has hit one of Australia's leading travel insurers, exposing details of three quarters of a million policy holders. But while the hack occurred last year, customers have remained in the dark.
http://www.cnet.com/au/news/aussie-travel-cover-hack-exposes-customer-details/1/20/2015SQL InjectionImproper Input HandlingLeakage of InformationTravel
2015-030WHID 2015-030: philsacra.ust.edu.ph website hacked DB dumphttp://siph0n.net/exploits.php?id=36541/17/2015SQL InjectionImproper Input HandlingLeakage of InformationEducation
2013-070WHID 2013-070: Govt sites hacked on eve of SC cybercrime hearing
On the eve of the Supreme Court's hearing on the Anti-Cybercrime Act of 2012, hackers opposing the law defaced several government websites early Monday.
2013-069WHID 2013-089: Road Transport Corporation website hacked
The official website of the Andhra Pradesh State Road Transport Corporation (APSRTC) was defaced by suspected hackers from Bangladesh on Sunday
2015-029WHID 2015-029: DDoS Attacks Slam Finnish Bank
Police in Finland are investigating a series of distributed denial-of-service attacks against the country's OP Pohjola financial services group that have intermittently shut down online banking and direct debit services
http://www.bankinfosecurity.com/ddos-attacks-slam-finnish-bank-a-77611/7/2015Denial of ServiceInsufficient Anti-AutomationDowntimeFinance
2015-028WHID 2015-028: PowerPulse website hackedDB dumpedhttp://siph0n.net/exploits.php?id=36531/16/2015SQL InjectionImproper Input HandlingLeakage of InformationMedia
2015-027WHID 2015-027: Virginia county website defaced with Islamic State message
A Virginia county was the victim of a cyber attack where a group posted messages and videos praising ISIS, the rebel Islamic group that has leveled threats against the United States. - See more at: http://statescoop.com/virginia-county-website-defaced-islamic-state-messages/#sthash.C2MeEh4O.dpuf
2015-026WHID 2015-026: Grill parts website experiences system intrusion, payment card breach
From January 2014 to October 2014, cardholder data was exposed on three separate occasions for various lengths of time due to a cyber attack against Barbecue Renew's web server.
http://www.scmagazine.com/grill-parts-website-experiences-system-intrusion-payment-card-breach/article/394116/1/23/2015SQL InjectionImproper Input HandlingLeakage of InformationRetail
2013-064WHID 2013-064: New York Post Confirms Twitter Accounts Were Hacked
The New York Post said its Twitter account was hacked after messages were posted citing bogus breaking news about U.S. interest-rate policy and China firing missiles on a U.S. Navy ship.
http://www.bloomberg.com/news/articles/2013-01-16/new-york-post-says-twitter-feed-hacked-after-fake-china-tweets1/16/2013UnknownUnknownAccount TakeoverSocial
2013-063WHID 2013-063: Lizard Lair Hacked
Someone hacked LizardStresser[dot]su, the Web site the group uses to coordinate attacks and sell subscriptions to its attacks-for-hire service.
https://krebsonsecurity.com/2013/01/another-lizard-arrested-lizard-lair-hacked/1/15/2013SQL InjectionImproper Input HandlingLeakage of InformationRetail
2015-025WHID 2015-025: Hacker breached Metropolitan State University database with personal info
In a campuswide e-mail Friday, interim president Devinder Malhotra wrote that a computer hacker apparently got “unauthorized access” to the university database in mid-December, and that investigators are still trying to determine the scope of the data breach.
http://www.databreaches.net/mn-hacker-breached-metropolitan-state-university-database-with-pe-rsonal-info/1/16/2015SQL InjectionImproper Input HandlingLeakage of InformationEducation
Free Syrian Hacker Dr.SHA6H hacked and defaced the official Ohio City Website of Perrysburg. He left a message to the defaced page with a message bashing the governments of the world for not solving the Syrian Crisis.
2015-023WHID 2015-023: 19,000 French websites hit by DDoS, defaced in wake of terror attack
Since the three day terror attack that started in France on January 7 with the attack on satirical newspaper Charlie Hebdo, 19,000 websites of French-based companies have been targeted by cyber attackers, AP reports.
http://www.net-security.org/secworld.php?id=178321/16/2015Denial of ServiceInsufficient Anti-AutomationDowntimeMedia
2015-022WHID 2015-022: Aqua Marine Boat website hackedDB dumped on PasteBinhttp://pastebin.com/ApnT0YcX1/13/2015SQL InjectionImproper Input HandlingLeakage of InformationRetail
2015-021WHID 2015-021: BigBlueInteractive HackedZyklon dumpts DBhttp://www.databreaches.net/and-then-i-stumbled-across-these-hacks-by-zyklon/1/14/2015SQL InjectionImproper Input HandlingLeakage of InformationMedia
2015-020WHID 2015-020: PasteBin DB Dump from lehlel.com
lehlel.com was hacked and DB dumped
http://pastebin.ca/29061071/14/2015SQL InjectionImproper Input HandlingLeakage of InformationSocial
2015-019WHID 2015-019: Payment cards targeted in attack on pet supplies website
Tennessee-based ValuePetSupplies.com is notifying several thousand customers that unauthorized persons accessed its servers and installed malicious files to capture personal information – including payment card data – entered into its website.
http://www.scmagazine.com/payment-cards-targeted-in-attack-on-pet-supplies-website/article/392821/1/16/2015UnknownUnknownLeakage of InformationRetail
2013-055WHID 2013-055: Boomerang Rentals Issues Statement Following Alleged Security Breach
UK-based Boomerang Rentals, a videogame rental service, issued a statement Monday, January 12th, following earlier allegations that customer information had been compromised.
http://www.gamebrit.com/2013/01/12/boomerang-rentals-uk-issues-statement-following-alleged-hack-security-breach-game-rental/1/12/2013SQL InjectionImproper Input HandlingLeakage of InformationGaming
2015-018WHID 2015-018: Notepad++ Releases “Je suis Charlie” Edition, Website Gets Defaced
The website of the open-source text editor Notepad++ has been defaced by an Islamist hacking group because the developer released a “Je suis Charlie” edition of the software.
2013-053WHID 2013-053: Crayola apologizes for Facebook page hack
The Crayola Facebook page was posting things far more risqué than crayons this past weekend. Unknown hackers took control of the Crayola social media webpage and posted dozens of links to R-rated sites and sexual jokes.
http://www.usatoday.com/story/news/nation-now/2013/01/12/crayola-facebook-page-hack/21640887/1/12/2013UnknownUnknownAccount TakeoverSocial
2015-017WHID 2015-017: Thousands of American and United airlines accounts hacked, with thieves booking dozens of free trips
The hackers stole usernames and passwords from a third party source and logged into thousands of accounts. The source of the leak is being investigated as the airlines work to pay back the hacked customers.
http://www.nydailynews.com/news/national/thousands-american-united-airlines-accounts-hacked-article-1.20751621/12/2015SQL InjectionImproper Input HandlingLeakage of InformationTransportation
2013-051WHID 2013-051: CENTCOM Twitter account hacked, suspended
The Twitter account for U.S. Central Command was suspended Monday after it was hacked by ISIS sympathizers -- but no classified information was obtained and no military networks were compromised, defense officials said.
http://www.cnn.com/2013/01/12/politics/centcom-twitter-hacked-suspended/1/12/2013Brute ForceInsufficient Anti-AutomationAccount TakeoverSocial
2015-016WHID 2015-016: Bundaberg Library website used as hacker's billboard
POLICE are investigating after the Bundaberg Regional Libraries website was hacked by a Syrian activist.
2013-049WHID 2013-049: Anonymous claims first victim in 'Operation Charlie Hebdo'
Hacking collective Anonymous declared war on Islamic extremists after Wednesday's deadly attack on Paris-based satirical newspaper Charlie Hebdo, and the group has now claimed its first victim.
http://mashable.com/2013/01/10/anonymous-operation-charlie-hebdo/1/10/2013Denial of ServiceInsufficient Anti-AutomationDowntimeMedia
2015-015WHID 2015-015: North Korean official news agency site serves malware
Users who visited the site of the state-run North Korean news agency, to see the country’s response to the Sony hacking accusations or for other reasons, might want to scan their computers for malware.
http://www.pcworld.com/article/2868436/north-korean-official-news-agency-site-serves-malware.html1/13/2015UnknownUnknownPlanting of MalwareMedia
2015-014WHID 2015-014: Extratorrent Down After Huge DDoS Attack
xtraTorrent, one of the largest torrent sites on the Internet, remains down following a huge DDoS attack. The site's operators are working hard to mitigate the assault and hope to have the site back online soon.
https://torrentfreak.com/extratorrent-down-after-huge-ddos-attack-150112/1/12/2015Denial of ServiceInsufficient Anti-AutomationDowntimeData Sharing
2013-046WHID 2013-046: Did you visit HuffPo last week? You might have a virus
This past week, The Huffington Post and several major websites displayed malware-laced advertisements that infected computers and locked them down.
http://money.cnn.com/2013/01/08/technology/security/malvertising-huffington-post/1/8/2013UnknownUnknownPlanting of MalwareMedia
Web Hacking Incident Database (WHID)
Form Responses 1