Date | Author | Description | Organization | Attack |
Oct 1 | ![]() |
Filmradar.com
NeatStuffs hacks filmradar.com a movie review and information site/community and releases on Mediafire a 6mb txt file containing 95167 accounts with hashed passwords. Estimated cost of the breach is $ 20,365,738. |
![]() |
SQLi? |
Oct 2 | Venezuela National Statistics Institute
SwichSmoke crew hacks the Venezuela National Statistics Insitute during the 2011 Census. |
![]() |
SQLi? | |
Oct 2 |
Camber Corporation (US Contractor)
Once again a US Government contractor is target of cyber crime. This time is the turn of Camber Corporation, targeted by a small hack by @ThEhAcKeR12, which releases 3 admin accounts with encrypted passwords. and admin full name. |
![]() |
? | |
Oct 2 |
wrestlegame.co.uk
Again @ThEhAcKeR12, this time the crew dumps 1500+ accounts (in encrypted format) and a database from wrestlegame.co.uk. Estimated cost of the breach is around $321,000. |
wrestlegame | SQLi? | |
Oct 2 |
A student arrested few days later |
Thailand Prime Minister
Thailand’s Prime Minister, Yingluck Shinawatra, had her Twitter account hacked flooding her followers with a stream of messages criticising her leadership with statements like this: The final post read: “If she can’t even protect her own Twitter account, how can she protect the country?“ |
![]() |
Account Hacking |
Oct 4 | Austrian Economy Chamber (WKO) WKO confirms that its webserver was infiltrated by unidentified cyber criminals. More than 6,000 data sets of customers of the chamber were published on the internet. Although Anonymous Austria leaked the data, they stressed they had not carried out the attack on WKO themselves, but had been provided with the records by someone else, adding that the security leak was exposed by using online search engine Google. Estimated cost of the Breach is around $1,284,000. |
![]() |
Vulnerability on The Target Platform | |
Oct 5 |
funniestvideosonline.com @ThEhAcKeR12 does not stop here and dumps 3300 accounts from funniestvideosonline.com and are all encrypted passwords. Estimated cost of the Breach is around $706,200. |
![]() |
SQLi? | |
Oct 5 | www.xvidonline.com @FailRoot hacks and leaks several accounts from www.xvidonline.com putting the websits offline. |
xvidonline.com | SQLi? | |
Oct 5 | Optik Fiber | Gmail (Claimed) Optik Fiber releases several gmail accounts claimed to have been hacked via a known security flaw in gmail. It is not sure if this is real or not but it is meaningful as well of the global level of (in)security, real or psychological. |
![]() |
Known Security Flaw in Gmail (N/A) |
Oct 5 | ? | Fashion TV India Unknown hackers hacks Fashion TV India with the injection tool havij and obtain a list of accounts dumping usernames and passwords in clear text. |
SQLi via havij | |
Oct 6 | ![]() |
Syrian Internet Log Files
Internet activists from Telecomix release54 GB of log files allegedly created by Syrian internet censors between 22 July and 5 August 2011. The data were found on a third party server. |
![]() |
? |
Oct 7 |
unijobs.com.au An Australian University website that lists jobs is hacked by @BlackHatGhosts and has data dumped, included user logins and passwords. |
![]() |
SQLi? | |
Oct 7 | Several Hackers |
Department of Public Enterprises South Africa Department of Public Enterprises, south Africa is hacked and had its database dumped |
SQLi | |
Oct 7 | Same authors above |
Ministry of Culture and Tourism, Republic of Indonesia Another day, another government website hacked, (and its data leaked). |
![]() |
SQLi |
Oct 7 | ? | University Of Georgia The University of Georgia discovers a data file on a publicly available Web server that contained sensitive personnel information on 18,931 members of the faculty and staff employed at the institution in 2002. The file included the social security number, name, date of birth, date of employment, sex, race, home phone number and home address of individuals employed at UGA in 2002. Estimatec Cost of the Breach is around $4,051,234. |
![]() |
Internal Accidental Error |
Oct 8 | ? |
U.S. Military Drones
Wired reports that a computer virus has infected Predator drones and Reaper drones, logging pilots’ keystroke during their fly missions over Afghanistan and other warzones. The virus was detected nearly two weeks ago at the Ground Control System (GCS) at Creech Air Force Base in Nevada and has not prevented drones from flying their missions, showing an unexpected strength so that multiple efforts were necessary to remove it from Creech’s computers. |
![]() |
USB Stick? |
Oct 8 | German law Author. and Customs Dep. |
German Citizens A very strange (un)lawful Cyber Attack, against German Citizens. Chaos Computer Club discloses a “state malware”: a backdoor Trojan horse capable of spying on online activity and recording Skype internet calls. They declare the malware is used by the German police force. Themalware was allegedly installed onto the computer as it passed through customs control at Munich Airport. |
![]() |
Troian Horse |
Oct 9 | Turkish Energy Team |
Several Government Websites
Turkish Energy Team performs (and keeps on to perform) a massive defacement against several governments websites (in certain cases some sub domains). The list (in continuous growth) is published on Zone-H. |
![]() |
Defacement |
Oct 9 | MCA-CRB |
Other Government Websites
Different Crew, same result: a massive defacement against several governments websites. Also in this case the list (in continuous growth) is published on Zone-H. |
![]() |
Defacement |
Oct 9 | justonehost.com
Another Web site hosting company defaced: this time it is the turn of justonehost.com that is hacked [email protected], that also dumps its Database online. The leak contains all users informations, emails, paypals and much more is 11.86mb and has been uploaded to megaupload. |
Defacement SQLi | ||
Oct 10 |
|
Congress of the State of Chihuahua Another government website hit and leaked by @FailRoot: Congress of the state of Chihuahua Mexico. The leak contains administration usernames and (easy guessable) passwords. |
![]() |
SQLi? |
Oct 10 | Q!sR QaTaR |
A cybercriminal from Quatar defaces a large number of websites belonging to the Ankara government, leaving them non-operational. |
![]() |
Margent |
Oct 10 |
40 Zimbabwe Government Websites
A crew called ISCN hacks and defaces 40 Zimbabwe government based websites leaving a polical message. |
![]() |
Defacement | |
Oct 10 | UKGraffiti.com
UKGraffiti is hacked by Anonymous_DR (Anonymous Dominicana) who also dumps usernames, emails and encrypted passwords. |
SQLi? | ||
Oct 11 | ? |
RSA
RSA reveals that it believes two groups, working on behalf of a single nation state, hacked into its servers during the infamous Breach of March and stole information related to the company’s SecurID two-factor authentication products used to attack some defense contractors. Although people are likely to assume that China might have been involved in the attack, they did not reveal the name of the nation involved. |
![]() |
APT |
Oct 11 | ? |
Sony (Playstation Network, Sony Entertainment Network and Sony Online Entertainment) Back tho the future! Sony under cyber attack… Again! The Company reports of unauthorized attempts to verify valid user accounts on Playstation Network, Sony Entertainment Network and Sony Online Entertainment. A total of 93,000 accounts have been affected (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000). In these cases the attempts succeeded in verifying valid sign-in IDs and passwords, so the accounts were temporalily locked. |
![]() |
SQLi? |
Oct 11 | ? |
blueHOMES.com Unknown Hackers hack the European property Dealers websiteblueHOMES.com . About 500,000 Users data claim to be hacked including database with customer passwords in plaintext, full addresses, skype account, and mailboxes of bluehomes. Specified data leaked on pastebin with sample data of some users. |
![]() |
SQLi |
Oct 11 | ? |
Find2Trade.com
Another website hit by Havij. This time is the turn of Find2Trade, an internet portal whose goal is to help small and medium enterprises to reach much higher profits while reducing costs. UserID, email and passwords, which are encrypted, were leaked. |
Havij | |
Oct 12 | ? |
Raytheon
The U.S. Defense Contractor reveals that it was the victim of a cloud-based attack for the first time, with the incident occurring one week before. Nothing new but the fact that this was the first cloud based attack. The firm usually blocks 1.2 billion attacks a day in addition to four million spam emails each day. |
![]() |
N/A |
Oct 12 | ? | WineHQ
Another Linux Project hacked! Jeremy White, Codeweavers Founder announcesthat access to the WineHQ database has been compromised. It looks like attackers have used phpMyAdmin to access the WineHQ project’s database and harvest users’ appdb and bugzilla access credentials. |
![]() |
SQLi |
Oct 13 | ? |
300,000 Websites Google reveals another mass infection which affected hundreds of thousands of sites that relied on ASP or ASP.NET: A malicious script got injected into several locations targeting English, German, French and other language speakers surfers. |
![]() |
ASP Vulnerability |
Oct 13 | ? |
Genentech The biotechnology company suffered a data breach on August, 17 which may have resulted in the theft of information belonging to 3,500 of the million patients who utilize the company’s support programs. Estimated Cost of The Breach is around $750,000 |
![]() |
Unlegitimate Access |
Oct 14 | ? |
Chili’s Grill & Bar Restaurant
Ok a Chili Breach is not a big deal, except the fact that the computer server Hackers broke into, is placed at Yokosuka Naval Base. According to Navy officials, hackers stole credit card information and run up erroneous charges. |
![]() |
Credit Card Thieft |
Oct 14 | ? |
Fedora Project This is not a direct cyber attack but a consequence of the hacks to Linux projects (Kernel.org and Linux).ThreatPost reveals that Fedora Projectcontacted users to change their password and SSH public key before November 30 to avoid having their accounts marked as inactive. |
![]() |
N/A |
Oct 14 | Barinas State, Venezuela Another dump of sites from @SwichSmokecoming from the state “Barinas” and the government for that state. The release note, in Spanish states that the original password is 123456, fairly lame for a government website. |
![]() |
SQLi | |
Oct 14 | Vicky Singh |
Pakistan Embassy in China Another episode of the Cyberware between Pakistan and Indian Crew: Vicky Singh defaces the Pakistan Embassy in China. |
![]() |
? |
Oct 14 | Team Dexter |
Contrexx.com
An European Content Management System provider is hacked and has a dump of administration details leaked online. |
![]() |
N/A |
Oct 14 Oct 15 | Several Authors |
Club Music CPPS
Club Music CPPS is hacked: the leak contains account emails, usernames and decrypted passwords. Note: on Oct 16 the site is still defaced |
![]() |
SQLi Defacement |
Oct 14 | Venezuela National Graduate Advisory Council
Another cyber attack by @SwichSmoke, this time they leak the Venezuela National Graduate Advisory Council and release the leaked data on pastebin. |
![]() |
SQLi | |
Oct 14 | ? |
Infragard Atlanta (claimed)
It seems that Infragrad has been hacked again and had a dump of accounts leaked and decrypted even if there is no source or reason or even proof that this is 100% real in anyway. Anyway it still shows that Infragard is still in the eyes of some people. The alleged leak contains emails, usernames, encrypted passwords and the decryption of the password as well. |
![]() |
N/A |
Oct 14 | ? |
NSEC (Netaji Subhash Engineering College)
The Netaji Subhash Engineering CollegeNSEC is hacked and has a fair amount of member accounts dumped on pastebin. This comes from an unknown source and unknown reasons. The leak contains full user information, emails and passwords in clear text. |
SQLi | |
Oct 14 | ![]() |
Chinese Government Barbaros-DZ hacks over 1,700 sites belonging to the Chinese Government defacing them and leaving a messageagainst the Goverment itself. THe list of the sites is available on Zone-H. |
![]() |
Defacement |
Oct 14 | ![]() |
Special mention this month for Her Mayesty’s Cabinet Minister Oliver Letwin, who has got himself into hot water, afterThe Daily Mirror reported him in the habit of dumping private correspondence and sensitive documents detailing Al-Qaeda activities and secret service operations into park bins in St James’s Park, Westminster, close to Downing Street. The documents contained the personal details of the minister’s constituents, including names, phone numbers, email contacts and postal addresses. |
![]() |
Defacement |
Oct 15 | SA3D HaCk3D |
16,000+ websites
SA3D HaCk3D shows on Zone-H the results of his work of the past years: a total of 16,000+ websites defaced. |
![]() |
Defacement |
Oct 15 | p0xy |
iCPPS
For an alleged personal revenge, a hacker called p0xy leaks usernames, emails and hashed passwords from the iCPPS online platform. |
![]() |
SQLi |
Oct 15 | iolaka |
World Miss Photogenic
This time is the turn of a fashion/model based website, which is attacked and suffers a dump of accounts leaked containing 1000+ accounts including usernames, emails and encrypted passwords by iolaka. |
![]() |
SQLi |
Oct 15 | ![]() |
India Cyber Crime Investigation Cell Another episode of the Cyber-Guerrilla between India and Pakistan: Pakistani hacker Shadow008 hacks and defaces India’s Most Important website of Cyber cell located at Mumbai. |
Defacement |
Date | Author | Description | Organization | Attack |
Sep 16 | ![]() |
Websites of several Mexican government ministries
As part of OpIndipendencia, websites of several Mexican government ministries, including Defense and Public Security, are teared down in the same day of the symbolic beginning of Mexico’s independence from Spain. |
![]() |
DDoS |
Sep 16 | Mikster |
Clubmusic.com
Clubmusic.com, a worldwide dj website. is hacked and the leak dumped on pastebin. |
SQLi | |
Sep 16 | Sec Indi Security Team |
Official Website of The United States Navy An hacker crew called Sec Indi Security Team Hacker uploads a custom message on the server to warn a WebDav vulnerability. |
![]() |
WebDav Vulnerabilty |
Sep 16 | ? | California State Assembly More than 50 employees of the California State Assemby, including some lawmakers, have been warned that their personal information might have been obtained by a computer hacker. |
![]() |
? |
Sep 17 | ? |
Intelligence And National Security Alliance Names and email addresses of hundreds of U.S. intelligence officials have been posted on an anti-secrecy website. On Monday Sep 10 INSA published a major report warning of an urgent need for cyberdefenses. Within a couple of days, in apparent retaliation, INSA’s “secure” computer system was hacked and the entire 3,000-person membership posted on the Cryptome.org website |
![]() |
N/A |
Sep 17 | ? |
Fake FBI Anonymous Report A Fake FBI Psychological profile of the Anonymous group is published. Although not a direct cyber attack, this event can be considered an example of psychological hacking and a “sign of the times” of how information and counter information may play a crucial role in hacking. |
![]() |
SQLi? |
Sep 18 | ![]() ![]() |
Texas Police Anonymous/Anti-sec releases a documentcontaining a list of about 3300 members of the Texas Police Association |
![]() |
N/A |
Sep 19 | ? | Mitsubishi Heavy Industries
Mitsubishi Heavy Industries, Japan’s biggest defense contractor, has revealed that it suffered a hacker attack in August that caused some of its networks to be infected by malware. According to the firm, 45 network servers and 38 PCs became infected with malware at ten facilities across Japan. The infected sites included its submarine manufacturing plant in Kobe and the Nagoya Guidance & Propulsion System Works, which makes engine parts for missiles. |
![]() |
APT |
Sep 19 | City Of Rennes TeaMp0isoN takes responsibly to hack the official website of The City Of Rennes (France) via atweet. They also publish the reason of hack on the defacement page. |
![]() |
Defacement | |
Sep 19 |
? |
Hana SK Hana SK Card Co., a South Korean credit card firm, announces that Sep 17, some 200 of its customers’ personal information has been leaked. Total cost of the breach is $42,800. |
Hana SK Card |
SQLi? |
Sep 20 |
? | Former USSR Region Source report that at least 50 victim organizations ranging from government ministries and agencies, diplomatic missions, research institutions, and commercial entities have been hit in the former Soviet Union region and other countries in an apparent industrial espionage campaign that has been going on at least since August 2010.The advanced persistent threat (APT)-type attacks — dubbed “Lurid” after the Trojan malware family being used in it — has infected some 1,465 computers in 61 countries with more than 300 targeted attacks. |
![]() |
APT |
Sep 20 |
Shad0w | Fox Sports Website Fox Sports website, on of the most visited Websites in the world (rank 590 in Alexa) gets hacked. An Hacker named “Shad0w” releases SQL injection Vulnerability on one of the sub domain of Fox Sports and exploit it to extract the database. Leaked database info posted on pastebin.Vulnerable link is also posted together admin password hashes. |
![]() |
SQLi? |
Sep 22 | Core Security Technologies Another security Firm target of hacking: Core Security Technologies is hacked by an hacker called Snc0pe, who defaces some websites belonging to the firm. Mirror of the hack can be seen here. |
![]() |
N/A | |
Sep 24 | ? |
UKChatterbox
Popular IRC service UKChatterbox advises users to change their passwords following a series of hacks which culminated in an attack that may have compromised user details. The password reset follows on from a succession of outages previouslyattributed to maintenance upgrades, back to the start of the summer. In a notice to users, UKChatterbox advises users to change their passwords and not to re-use them on other sites. The number of hacked account is unknown. |
N/A | |
Sep 25 |
![]() |
Seven Major Syrian Cities and Government Web Sites The Anonymous unleash a chain of defacement actions against the Syrian Government, hacking and defacing the official sites of seven major Syrian cities, which stayed up in their defaced version for more than 16 hours. The defacement actions kept on the following day in which 11 Syrian Government Sites were defaced as part of the same operation. |
![]() |
Defacement |
Sep 25 | ? |
Indira Gandhi International Airport
Although happened three months ago, it turns out that a ‘technical snag’ hittinh operations at the Indira Gandhi International Airport (IGIA) T3 Terminal was caused by a “malicious code” sent from a remote location to breach the security at the airport. |
![]() |
APT |
Sep 26 | ![]() |
Inmotion Hosting Server 700,000 websites hosted on InMotion Hosting network are hacked by [email protected] The hackers copied over the index.php in many directories (public_html, wp-admin), deleted images directory and added index.php files where not needed. List of all hacked 700,000 sites here. |
![]() |
Defacement |
Sep 26 | Austrian Police The Austrian Anonymous branch publishes the names and addresses of nearly 25,000 police officials, raising fears for officers’ personal security. An Austrian Interior ministry spokesman said the information came from an “association closely related with the police”. Estimated cost of the breach is around $ 5,400,000. |
SQLi? | ||
Sep 26 | ![]() |
USA Today Twitter Account
The USA Today Twitter account is hacked and starts to tweet false messages mentioning the other accounts hacked by the authors of the action: the Script Kiddies (already in the spotlight for hacking the FoxNews Twitter Account at the Eve of 9/11 anniversary) |
Account Hacking | |
Sep 26 |
? |
MySQL.com
MySQL.com website is struck by cybercriminals, who hacked their way in to serve up malicious code to visiting computers with a Java exploit that downloaded and executed malicious code on visiting Windows computers. Brian Krebs reportsthat just few days before, he noticed on a Russian underground website that a hacker was offering to sell admin rights to MySQL.com for $3000. MySQL.com receives almost 12 million visitors a month (nearly 400,000 a day). |
![]() |
Java Exploit to install malware |
Sep 26 | Harvard University In retaliation for the defacements performed by the Anonymous targeting Syria, Syrian Electronic Soldiers deface the website of the prestigious Harvard University. The same group came in the spotlight during July and August for defacing Anonoplus engaging a “de facto” cyberwar against The Anonymous. |
![]() |
Defacement | |
Sep 26 | ? |
#Occupywallstreet The month of September is characterized by theOccupyWallStreet Operation, started on September, the 17th and still ongoing. Although not directly configurable as an hacking action, it may rely on the support of the Anonymous who “doxed” a senior police who controversially usec pepper spray against a group of female protesters. |
![]() |
N/A |
Sep 27 | COGEL, Council On Governmental Ethical Law Once again in this month,Snc0pe claims another resounding action. This time the alleged target is the official website of The Council on Governmental Ethics Laws (COGEL). He posts a message onpastebin, along with the database download link. |
SQLi? | ||
Sep 28 | Tiroler Gebietskrankenkasse (TGKK) AnonAustria in the spotlight again after the resounding hack against Austrian Police. This time the victim is an health insurance firm Tiroler Gebietskrankenkasse (TGKK) whose database of some 600,475 medical records AnonAustria claims to have hacked. The databse includes some celebrities. The total cost of the breach is around $128,500,000.00. |
![]() |
SQLi? | |
Sep 29 | ? |
SAIC (Science Applications International Corp.) SAIC, one of the Pentagon‘s largest contractors reveals to have discovered a data breach occurred a couple of weeks before, affecting as many as 4.9 million patients who have received care from military facilities in San Antonio since 1992. The breach involved backup computer tapes from an electronic health care record. Some of the information included Social Security numbers, addresses, phone numbers and private health information for patients in 10 states. Statement of the data breach here Estimated cost of the breach is around $ 1 billion. |
Car Burglary | |
Sep 30 | ? |
Laptop Virus Repair
Although not resounding as the one which targeted MySQL.com, here it is another example of a website infected with malicious code targeting a free antivirus cloud based service. |
Laptop Virus Repair |
Malicious Code |
Sep 30 | ? |
Betfair
Betfair reports a leak including not only the payment card details of most of its customers but also “3.15m account usernames with encrypted security questions”, “2.9m usernames with one or more addresses” and “89,744 account usernames with bank account details”. The incident occurred on 14 March 2011 but was announced only 18 months later. Estimated cost of the breach is around $1.3 billion. |
![]() |
? |
Date | Author | Description | Organization | Attack |
Sep 1 | ? | Kernel.org
The site of Kernel.org suffered a security breach leading which caused the server to be rooted and 448 credential compromised. Although it is believed that the initial infection started on August the 12th, it was not detected for another 12 days. |
![]() |
rootkit (Phalanx) |
Sep 1 | ![]() |
Apple, Symantec, Facebook, Microsoft, etc.
The Sri Lankan branch of Anonymous claims to have hacked into the DNS servers of Symantec, Apple, Facebook, Microsoft, and several other large organizations over the past few days, posting the news and records of its exploits onPastebin. |
![]() |
DNS Cache Snoop Poisoning |
Sep 1 | ? |
Birdville Independent School District
Two students hack into their school district’s server and accessed a file with 14,500 student names, ID numbers, and social security numbers.Estimated cost of the breach is around $3,000,000. |
![]() |
? |
Sep 2 | ![]() ![]() |
Texas Police Chiefs Association As usual happens on Fridady, Texas Police Chiefs Association Website is hacked by Anonymous for Antisec Operation. Hacker defaced their website and posted 3GB of data in retaliation for the arrests of dozens of alleged Anonymous suspects. According to Hackers the site has been owned for nearly one month. |
![]() |
SQLi? |
Sep 2 | ![]() |
EA Game Battlefield Heroes One of the most famous games over the worldBattlefield Heroes developed by EA Games is hacked by a hacker named “Why So Serious?” who leaks the User Login passwords on pastebin |
![]() |
SQLi? |
Sep 2 | ![]() |
vBTEAM Underground Vbteam.info, the underground vBulletin Hacking website is hacked by “Why So Serious?“, who leaks 1400+ accounts of the Vbteam.info forum inpastebin. |
SQLi? | |
Sep 3 | Nomcat |
Indian Government
An Indian Hacker named “nomcat” claims to have been able to hack into the Indian Prime Ministers Office Computers and install a Remote Administration Tool) in them. He also Exposes the Vulnerability in Income Tax website and Database Information. |
![]() |
SQLi? |
Sep 4 | Popular Websites: : Daily Telegraph, The Register, UPS, Vodafone
Popular websites including The Register, The Daily Telegraph, UPS, and others fall victim to a DNS hack that has resulted in visitors being redirected to third-party webpages. The authors of the hack, a Turkish group called Turkguvenligi, are not new to similar actions and leave a message declaring this day as World Hackers’ Day. |
![]() |
DNS Hijacking | |
Sep 5 | ![]() |
Mobile App Network Forum Mobile APP Network Forum is Hacked by “Why So Serious?”. He leaks over 15.000 accounts of the community (Forum) on Pastebin in two parts (Part 1 and Part 2). |
![]() |
SQLi? |
Sep 5 | European Union Institute For Energy and Transport One of the Sub domain of European Union (Institute for Energy) is hacked and Defaced by Inj3ct0r. Hackers deface the web page, release some internal details and leave a message against Violence in Lybia and Russian influence in Ukraine. |
Defacement | ||
Sep 5 | Cocain Team Hackers | United Nations Sub Domain of Swaziland United Nations Sub-Domain of Swaziland is hacked and defaced by Cocain Team Hackers. |
![]() |
Defacement |
Sep 5 | Uronimo Mobile Platform The Uronimo Mobile platform is hacked by Team Inj3ct0r. They leak the web site database and release on Pastebin internal data including Username, Hash Password, emails and Phone Numbers of 1000 users. Estimated Cost of the Breach is $214,000. |
SQLi? | ||
Sep 6 | Comodo Hacker |
Diginotar
The real extent of the Diginotar breach becomes clear: 531 bogus certificates issued including Google, CIA, Mossad, Tor. Meanwhile in apastebin message Comodo Hacker states he own four more CAs, among which GlobalSign which precautionally suspends issuance of certificates. |
![]() |
Several Vulnerabilities |
Sep 7 | ? |
Beaumont Independent School District
The superintendent of schools for Beaumont Independent School District announces that letters are being mailed to parents of nearly 15,000 of its 19,848 students to inform them of a potential breach of data that occurred recently. Inadvertently, private information including the name, date of birth, gender, social security number, grade and scores on the Texas Assessment of Knowledge and Skills (TAKS) exam of students who were in the third through 11th grades during the 2009-2010 school year–were potentially exposed. Estimated cost of the breach is $3,210,000. |
![]() |
Human Mistake |
Sep 7 | ? |
Stanford Hospital, Palo Alto, Calif.
A medical privacy breach leads to the public posting on a commercial Web site of data for 20,000 emergency room patients at Stanford Hospital in Palo Alto, Calif., including names and diagnosis codes. The information stayed online for nearly a year from one of its vendors, a billing contractor identified as Multi-Specialty Collection Services, to a Web site called Student of Fortune, which allows students to solicit paid assistance with their schoolwork. Estimated Cost of The Breach is $4,280,000. |
![]() |
Human Mistake |
Sep 9 | Comodo Hacker |
GlobalSign
After suspending issuing certificates, GlobalSign finds evidence of a breach to the web server hosting the www website. The breached web server has always been isolated from all other infrastructure and is used only to serve thehttp://www.globalsign.com website. |
![]() |
? |
Sep 9 |
Comodo Hacker |
Google
As consequence of the infamous Diginotar BreachGoogle advises its users in Iran to change their Gmail passwords, and check that their Google accounts have not been compromised. Google also indicates that it is directly contacting users in Iran who may have been hit by a man-in-the-middle attack. |
![]() |
Man In The Middle |
Sep 9 | ![]() |
NBC News
The NBC News Twitter account is hacked and starts to tweet false reports of a plane attack on ground zero. The account is suspended and restored after few minutes. |
Trojan Keylogger via Email | |
Sep 9 | ? |
Samsung Card
Data of up to 800,000 Samsung Card clients may have been compromised after an employee allegedly extracted their personal information. The Breach was discovered on Aug. 25 and reported to police on Aug. 30. It is not clear what kind of information has been leaked, maybe the first two digits of residence numbers, the names, companies and mobile phone numbers were exposed. Estimated cost of the breach is $171,200.000. |
![]() |
Unauthorized Access |
Sep 10 | ? |
BuyVIP (Amazon Owned)
Although not officially confirmed, BuyVIP users received an e-mail informing that their database had been hacked. Apparently, the website had been offline for a couple days and it looks like that not only names and email addresses were retrieved, but also birth dates, real shipping addresses as well as phone numbers. |
![]() |
SQLi |
Sep 11 | ? |
Linux Foundation Few weeks after the kernel.org Linux archive site suffered a hacker attack, the Linux Foundation has pulled its websites from the web to clean up from a security breach. A notice posted on the Linux Foundation said the entire infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. |
![]() |
SQLi? |
Sep 11 | ![]() |
AryansBook.com Anonymous leaks the complete database from a well known nazi website AryansBook.com and posts the content on The Pirate Bay. This is a fight towards racism of any kind. |
AryansBook |
SQLi? |
Sep 12 | ? |
Bitconitalk Forum An unknown hacker uses a zero day flaw to steal email addresses, hashed passwords and read personal messages from the bitcointalk.org forum. Forum administrators said the attacker gained root access on 3 September and was able to run arbitrary PHP code not detected until the attacker injected “annoying JavaScript” into the forum pages a week later: the Javascript splashed actor Bill Cosby across the forums and replaced all references to BitCoin with CosbyCoin. |
![]() |
0-day exploit in SMF |
Sep 12 | ? |
Nigerian Government Website Nigerian Government Website is hacked and defaced by Brazilian Hackers that leave a message in the main page. |
Defacement | |
Sep 12 | ? |
Vacationland Vendors
A hacker gains unauthorized access to the card processing systems at Wilderness Waterpark Resort and improperly acquires 40,000 credit card and debit card information. Estimated Cost of the Breach is $8,560,000. |
![]() |
N/A |
Sep 12 | X-Nerd | Panda Security
Another Security Company Hacked: a hacker going by the name of X-Nerd hacks and defaces the Pakistan Server of a very well known security software website: Panda Security. |
![]() |
SQLi? |
Sep 12 | ? |
Russian UK Embassy Just before Prime Minister David Cameron’s first visit to Moscow, the website belonging to the Embassy Of The Russian Federation in London was taken down by hackers. It seems as the attack was launched in sign of protest to the upcoming visit after a 5-year break in which no British leader went to Moscow. |
![]() |
DDoS |
Sep 13 | Cyb3rSec |
thetvdb.com Cyb3rSec dumps a list of 3500+ Accounts from the forum thetvdb.com. |
![]() |
SQLi? |
Sep 13 | top100arena.com Albanian hackers belonging to Albanian Cyber Army exploit one of the biggest Game Arena site “Top100″ database using SQL injection attack. They leak the database on mediafire. |
![]() |
SQLi | |
Sep 14 | President of Bolivia (presidencia.gob.bo) SwichSmoke crew hacks the site belonging to President of Bolivia and dumps the leaked data onpastebin. |
![]() |
Various Exploits | |
Sep 14 | ? |
uTorrent.com
The uTorrent.com |
![]() |
SQLi |
Sep 14 | ? |
Bright House Networks Bright House Networks, the sixth largest owner and operator of cable systems in the U.S., has sent a letter to customers warning that they may have been exposed after servers used to process Video on Demand (VOD) were breached. |
![]() |
? |
Sep 14 | ? |
Scarlett Johansson
Also an actress may be victim of hackers: The FBI investigate reports that nude photos of a famous celebrity (allegedely Scarlett Johansson) have been leaked onto the web. The day before Twitter was flooded with messages claiming to link to naked pictures of her, which were allegedly stolen from her iPhone by a hacker earlier this year. |
![]() |
? |
Sep 15 | Stohanko |
Various Sites More than 101 sites, with huge amount of data and personal information which ranges from emails, phone numbers, to full names and addresses, have been hacked by an hacker dubbed Stohanko. At this link a list of the hacked sites and the links to dumped data. |
![]() |
? |
Date | Author | Description | Organization | Attack |
Aug 1 | ![]() |
PCS Consultants
Another U.S. Government contractor, PCS Consultants gets hacked by Anonymous & Antisec. Hackers extract website Database and leak it on the internet via Twitter on Pastebin (as usual!). Leaked Data include Admin’s and 110 users emails, plus passwords in encrypted hashes. |
![]() |
SQLi? |
Aug 2 | ![]() |
Vitrociset
72 hours after the first defacement, Vitrociset, a contractor of Italian Cyber Police, is hacked and defaced again by Anonymous. |
![]() |
SQLi? Defacement |
Aug 3 | ![]() |
United Nations (Shady RAT)
In an interview to Vanity Fair (as to say, information Security is a fashion), a McAfee Security Researcher declares UN and other international institutions have been victims of a large scale Remote Access Tool based attack from a Foreign Country. The attack is dubbedshady RAT and suspects are directed to China. |
![]() |
Remote Access Tool |
Aug 3 | ![]() |
Colombia
Anonymous and Colombian Hackers shut down the websites of Colombia’s president, the interior and justice ministry, the intelligence service DAS and the governing party. The hacker attack was meant as a protest against government censorship. |
![]() |
DDoS |
Aug 3 | ![]() |
The SUN and News Corp. International
Britain’s Rupert Murdoch-owned tabloid The Sun sends a message to readers warning them that computer hackers may have published their data online after an attack on the paper’s website last month. A hacker styled ‘Batteye‘ claims to have posted details taken from The Sun on the Pastebin. |
![]() |
SQLi? |
Aug 3 | ![]() |
Front National
As a consequence of the Massacre of Oslo, Anonymous France claims to have hacked a server belonging to Front National, leaking a list of 100 leaders of the party |
![]() |
? |
Aug 5 | ? |
Citi Cards Japan (Citigroup)
Eight weeks after a hacker cracked its credit card database, the company’s credit card unit in Japan, Citi Card, reported in a message to its user base that “certain personal information of 92,408 customers has allegedly been obtained and sold to a third party illegally.” Estimated cost of the breach is about $19.8 million. |
![]() |
unfaithful outsourcer |
Aug 6 | ![]() ![]() ![]() |
Law Enforcement Agencies
After the first attack to Law Enforcement Institutions in July, Anonymous and LulzSec, as part of what they define the ShootingSheriffsSaturday, leak again 10 Gb of Data from the same Law Enforcement Agencies, including private police emails, training files, snitch info and personal info. The attack was made in retaliation for anonymous arrests |
![]() |
SQLi? |
Aug 6 | ![]() ![]() |
SAPPE (Sindacato Autonomo Polizia Penitenziaria)
Anonymous defaces the Web Site of SAPPE (Independent Union of Prison Guards) and leaves a message on pastebin (here in italian) claiming more rights for detainees |
![]() |
SQLi? |
Aug 6 | ![]() |
Policia Federal (Brazilian Police)
LulzSec Brazil hacks Brazilian Police and discloses 8 gb of data from what they defined the Pandora’s Box |
![]() |
USB Key Stolen? |
Aug 7 | ![]() |
Syrian Ministry of Defense
The Syrian Ministry of defense is hacked by Anonymous which defaces the web site and post a note supporting the Syrian people |
![]() |
Defacement |
Aug 9 | Anonplus (Anonymous Social Network)
In retaliation for the defacement of the Syrian Ministry of Defence, a Syrian Group of hackers dubbed Syrian Electronic Army, has defaced (for the third time), Anonplus, the alternative Social Network in phase of deployment by Anonymous, posting several gruesome images. |
![]() |
Defacement | |
Aug 9 | Research In Motion
As an (in)direct consequence of the London Riots, a crew of hackers called TeaMp0isoNdefaces The Official BlackBerry Blog after RIMhas indicated to assist London police, who are investigating the use of the messaging service in organizing riots, with a “very extensive monitoring of the BlackBerry Messenger model”. |
![]() |
SQLi? | |
Aug 9 |
![]() ![]() ![]() |
Operation Satiagraha
As part of Operation Antisec, LulzSec and Anonymous, release 5gb of documents, photos, audio files and videos, exposing that wich was one of the greatest corruption scandals in the recent history of Brazil |
![]() |
SQLi? |
Aug 10 | ? |
University Of Wisconsin Milwaukee
The Social Security numbers of 75,000 students and employees at the University of Wisconsin-Milwaukee arE exposed after hackers planted malware in a campus server.ty-of-wisconsin-server. Estimated Cost of the Breach is $16 million. |
![]() |
APT |
Aug 10 | ? |
Hong Kong Stock Exchange (HKEx)
The Hong Kong stock exchange (HKEx) halts trading for seven stocks in the afternoon trading session after its website was attacked during the morning trading session. The seven stocks in question were all due to release sensitive results to the website that could impact the price of their stocks. Initially the attack was believed to have compromised the web site. Later it was discovered to be a DDoS. |
![]() |
DDoS |
Aug 12 | Headpuster |
Welt.de
An hacker called Headpuster, to protest against the sale of user data to a third party operator, hacks Welt.de using an SQL Injection (http://boot24.welt.de/index_welt..php?ac =***) and steals a large amount of data including credit card information of 30,264 users from the database He then publishes censored excerpts.Estimated cost of the breach is around $6.5 million. |
SQLi? | |
Aug 12 | ? |
Hong Kong stock exchange (HKEx)
The Hong Kong stock exchange comes under attack for the second day in a row on Thursday. The exchange blamed a Distributed Denial of Service (DDoS) attack against its news web server, hkexnews.hk. A Suspect has been arrested on Aug, the 23rd. |
![]() |
DDoS |
Aug 14 | ![]() |
Mybart.org
As part of their #OpBART and #Bart-Action in response to a temporary shutdown of cell service in four downtown San Francisco stationsto interfere with a protest over a shooting by a BART police officer, Anonymous attacks the myBART.org website belonging to San Francisco’s BART (Bay Area Rapid Transit) system. They perform a SQL injection (SQLi) attack against the site and extract 2,450 records containing names, usernames, passwords (plain text), emails, phone numbers, addresses and zip codes. Estimated Cost of the Breach is $524,300. |
![]() |
SQLi |
Aug 15 | ? |
GOMTV.NET
After SK, Another South Korean service provider reports a large-scale data breach of usernames and passwords for subscribers worldwide. This time, it’s the turn of Seoul-based streaming media service GOMTV to suffer a data-spilling intrusion. According to GOM TV, the breach happened early in the morning of Friday 12 August 2011 Korean time; the company sent out a warning email to its subscribers on Sunday 14 August 2011. |
![]() |
SQLi? |
Aug 16 | ![]() ![]() |
Vanguard Defense Industries
Antisec targets Richard Garcia, the Senior Vice President of Vanguard Defense Industries (VDI). During the Breach nearly 4,713 emails and thousands of documents are stolen. The attack has been performed on August the 16th, but, as a consolidated tradtion, the torrent has been released on Friday, August the 19th. |
![]() |
Vulnerability in WordPress Hosting Platform |
Aug 16 | Ebay
Hacker group Cslsec (Can’t stop laughing security) leaks some accounts from Ebay and post them on pastebin. |
![]() |
SQLi? | |
Aug 17 | ![]() |
BART Police
A database belonging to the BART Police Officers Association is hacked, and the names, postal and email addresses of officers are posted online. Over 100 officers are listed in the document posted, as usual, on pastebin.Estimated cost of the breach is $21,400. |
![]() |
SQLi? |
Aug 20 | HSBC Korea
A turkish based hacker hacks and defaces the Korean branch of HSBC, the global banking group. |
![]() |
defacement | |
Aug 21 | pr0tect0r AKA mrNRG |
Nokia Developer Forum
The developer forum section of Nokia Website is hacked by Indian Hacker “pr0tect0r AKA mrNRG“. He was able to deface the site and access to email records. According to an official statement from Nokia a “significantly larger” number of accounts has been accessed although they do not contain sensitive information. |
![]() |
SQLi |
Aug 21 | ![]() ![]() |
Danish Government
Anonymous Hackers upload a file on Torrentcontaining the snapshot of the Danish Government database of companies. The snapshot was obtained during the summer of 2011 by systematically harvesting data from the public parts of the cvr.dk website. |
![]() |
SQLi? |
Aug 22 | ? |
Epson Korea
Hacking in South Korea: After GOMTV.NET Epson Korea is hit by a massive data breach, involving the personal information of 350,000 registered customers. Hackers break into Epson Korea’s computer systems, and steal information including passwords, phone numbers, names, and email addresses of customers who had registered with the company. Estimated cost of the breach is $74,900,000. |
![]() |
? |
Aug 22 | Electr0n |
Libyan domain name registry
Hackers deface the nic.ly website, the main registry which administers .ly domain names (the “.ly” stands for “Libya”) and replace it withanti-Gaddafi message. |
![]() |
defacement |
Aug 22 | Allianceforcebiz.com
@ThEhAcKeR12, an admirer of Anonymous acts independently to breach an outsourced provider and steal a customer list with 20,000 log-in credentials. Many on the list were U.S. government employees. Estimated cost of the breach is around $4,280,000. |
![]() |
SQLi? | |
Aug 22 | UK MET Police As part of the Murder Military Monday, Metropolitan UK Police is hacked for #Antisec by CSL Security using SQL injection Vulnerability and the vulnerable link is also shown on Twitter and pastebin. Other attacked sites include: USarmy.com, GoArmy.com. |
![]() |
SQLi | |
Aug 23 | ![]() |
U.S. Government F-Secure discovers that on 17th of July, a military documentary program titled “Military Technology: Internet Storm is Coming” was published on the Government-run TV channel CCTV 7, Millitary and Agriculture (at military.cntv. While they are speaking about theory, they actually show camera footage of Chinese government systems launching attacks against a U.S. target. |
![]() |
DDoS? |
Aug 24 | Cslsec
Another example of Cyberwars between different hacker crews: TeaMp0isoN hacksCslsec which claimed to be the new LulzSec |
Defacement | ||
Aug 25 | ? |
U.S. Military Base
Another example of military emails leaked by hackers. |
![]() |
SQLi? |
Aug 27 | Division Hackers Crew |
Borlas.net
Division Hackers Crew hacks the Database ofBorlas.net (Free SMS Site) and leaks the usernames, Passwords, emails and phone numbers of 14800 registered users. As usual, leaked database has been posted on pastenbin.Estimated cost of the breach is $3,167,200. |
![]() |
SQLi? |
Aug 28 | Orange.fr
Anonymous Hacker hacks Orange.fr and uploads the database and Site source code backup on file sharing site. |
![]() |
SQLi? | |
Aug 29 | Iranian Hackers |
Diginotar
A user named alibo on the Gmail forums posts a thread about receiving a certificate warning about a revoked SSL certificate for SSL-based Google services. The certificate in question was issued on July 10th by Dutch SSL certificate authority DigiNotar. The fake certificate was forged by Iranian Hackers, and revoked immediately. This is the second episode of a MITM attack against Google after the Comodo Affair in May. |
![]() |
Vulnerability |
Aug 29 | ? |
Gabia (South Korean domain registrar)
Another Cyber Attack in South Korea: Gabia a South Korean domain registrar is hacked on Saturday Aug 27, according to a report Monday by the Korea Herald. The hack exposed over 100,000 domains and 350,000 users data. The information included names, user IDS, passwords and registration numbers. |
![]() |
? |
Aug 29 | ![]() |
densetsu.com
Sometimes they come back: one of the lulzsec members seems to have made a quick returning hacking a child porn trading forum and leaking over 7000 accounts. |
densetsu.com | SQLi? |
Aug 30 | ![]() |
Wikileaks (1) Der Spiegel reports that a WikiLeaks file containing the original leaked US State Department cables has inadvertently been released onto the Internet. The documents have not been edited to protect sources, meaning that the lives of informants could be at risk. |
![]() |
? |
Aug 30 | ? |
Wikileaks (2) The WikiLeaks website, which contains thousands of U.S. embassy cables, has crashed in an apparent cyberattack. The anti-secrecy organization said in a Twitter message Tuesday that Wikileaks.org “is presently under attack.” |
![]() |
DDoS |
Aug 30 | swgalaxies.net @neatstuffs leaks over 23,000 emails and passwords from a Star Wars Fan Club, and all the passwords are in clear text…sad isnt it? that a website would store so many users information with no security. |
![]() |
SQLi? |