CyberAlerts

Description: In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum. The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".

Source: HaveIBeenPwnedLatestBreaches

February 4th, 2025 (3 months ago)

Ransomware Groups Weathered Raids, Profited in 2024

Description: Cybercriminals posted nearly 6,000 breaches to data-leak sites last year — and despite significant takedowns, continued to thrive in a record-breaking year for ransomware.

Source: Dark Reading

February 3rd, 2025 (3 months ago)

Amazon Redshift gets new default settings to prevent data breaches

Description: Amazon has announced key security enhancements for Redshift, a popular data warehousing solution, to help prevent data exposures due to misconfigurations and insecure default settings. [...]

Source: BleepingComputer

February 3rd, 2025 (3 months ago)

1win - 96,166,543 breached accounts

Description: In November 2024, the online betting platform 1win suffered a data breach that exposed 96M users. The exposed data included email and IP addresses, phone numbers, dates of birth, country and SHA-256 password hashes.

Source: HaveIBeenPwnedLatestBreaches

February 3rd, 2025 (3 months ago)

DragonNest - 511,290 breached accounts

Description: In August 2013, the massively multiplayer online role-playing game (MMORGP) DragonNest suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 500k unique email addresses along with usernames, IP addresses and plain text passwords. The service later suffered a massive data loss.

Source: HaveIBeenPwnedLatestBreaches

February 3rd, 2025 (3 months ago)

9Lives - 109,515 breached accounts

Description: In October 2014, the (now defunct) Belgian gaming news forum 9Lives suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 109k unique email addresses along with usernames and salted MD5 password hashes.

Source: HaveIBeenPwnedLatestBreaches

February 2nd, 2025 (3 months ago)

BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key

Description: BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged

Source: TheHackerNews

February 1st, 2025 (3 months ago)

Community Health Center Data Breach Affects 1M Patients

Description: The CHC remains operational, but a host of personal data is now in the hands of a "skilled cybercriminal," it said.

Source: Dark Reading

January 31st, 2025 (3 months ago)

Blastoise Claims to have Leaked Data from the 2019 Data Breach of Storenvy

Description: Blastoise Claims to have Leaked Data from the 2019 Data Breach of Storenvy

Source: DarkWebInformer

January 31st, 2025 (3 months ago)

IntelBroker and EnergyWeaponUser Claim to Have Leaked Hewlett Packard Enterprise GTCAAS Source Code, Credentials, API Tokens and More in a Second B...

Description: IntelBroker and EnergyWeaponUser Claim to Have Leaked Hewlett Packard Enterprise GTCAAS Source Code, Credentials, API Tokens and More in a Second Breach

Source: DarkWebInformer

January 31st, 2025 (3 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	PoinCampus - 89,116 breached accounts Description: In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum. The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888". Source: HaveIBeenPwnedLatestBreaches February 4th, 2025 (3 months ago)
	Ransomware Groups Weathered Raids, Profited in 2024 Description: Cybercriminals posted nearly 6,000 breaches to data-leak sites last year — and despite significant takedowns, continued to thrive in a record-breaking year for ransomware. Source: Dark Reading February 3rd, 2025 (3 months ago)
	Amazon Redshift gets new default settings to prevent data breaches Description: Amazon has announced key security enhancements for Redshift, a popular data warehousing solution, to help prevent data exposures due to misconfigurations and insecure default settings. [...] Source: BleepingComputer February 3rd, 2025 (3 months ago)
	1win - 96,166,543 breached accounts Description: In November 2024, the online betting platform 1win suffered a data breach that exposed 96M users. The exposed data included email and IP addresses, phone numbers, dates of birth, country and SHA-256 password hashes. Source: HaveIBeenPwnedLatestBreaches February 3rd, 2025 (3 months ago)
	DragonNest - 511,290 breached accounts Description: In August 2013, the massively multiplayer online role-playing game (MMORGP) DragonNest suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 500k unique email addresses along with usernames, IP addresses and plain text passwords. The service later suffered a massive data loss. Source: HaveIBeenPwnedLatestBreaches February 3rd, 2025 (3 months ago)
	9Lives - 109,515 breached accounts Description: In October 2014, the (now defunct) Belgian gaming news forum 9Lives suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 109k unique email addresses along with usernames and salted MD5 password hashes. Source: HaveIBeenPwnedLatestBreaches February 2nd, 2025 (3 months ago)
	BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key Description: BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged Source: TheHackerNews February 1st, 2025 (3 months ago)
	Community Health Center Data Breach Affects 1M Patients Description: The CHC remains operational, but a host of personal data is now in the hands of a "skilled cybercriminal," it said. Source: Dark Reading January 31st, 2025 (3 months ago)
	Blastoise Claims to have Leaked Data from the 2019 Data Breach of Storenvy Description: Blastoise Claims to have Leaked Data from the 2019 Data Breach of Storenvy Source: DarkWebInformer January 31st, 2025 (3 months ago)
	IntelBroker and EnergyWeaponUser Claim to Have Leaked Hewlett Packard Enterprise GTCAAS Source Code, Credentials, API Tokens and More in a Second B... Description: IntelBroker and EnergyWeaponUser Claim to Have Leaked Hewlett Packard Enterprise GTCAAS Source Code, Credentials, API Tokens and More in a Second Breach Source: DarkWebInformer January 31st, 2025 (3 months ago)