Data on 92M Brazilians found for sale on underground forums
In October 92 million Brazilians had their name, birth date, mother’s name, gender and tax details including taxpayer IDs exposed contained in a Brazilian government 16GB SQL database was found for sale on a dark web forum.
DoorDash data breach hits 4.9 million customers, merchants and drivers
Food delivery service DoorDash confirmed in September that a data breach affecting 4.9 million customers and merchants took place in May and included general PII and partial payment card information. The breach was caused when a third-party vendor was accessed on May 4, 2019 and was able to gain access to information including names, email addresses, delivery addresses, order history, phone numbers and hashed, salted passwords. Additionally, the driver’s license numbers of at least 100,000 Dashers were accessed and the last four digits of some customer credit cards were also exposed, but not the full number or CVV, DoorDash said.
Facebook’s ugly 2019
The social media giant found itself in the news multiple times during the year including one massive breach that exposed 419 million Facebook users when their information was gleaned from several unprotected databases. In this instance the information disclosed included unique identifiers and phone numbers.
An even larger breach made the news in April when 540 million Facebook member records exposed by an unsecure AWS S3 bucket owned by Cultura Colectiva and a now defunct Facebook-integrated app called “At the Pool.”
Then there was the revelation in April when Facebook admitted it unintentionally harvested 1.5 million users’ email contacts via a verification feature without the owners consent.
Againin April it was found that Facebook had been storing hundreds of millions of users passwords in plain text for years.
Data breach of Hostinger exposes 14 million users
Web hosting provider and internet domain registrar Hostinger International, Ltd. disclosed in August that an unauthorized third party breached its internal system API and gained access to data belonging to roughly 14 million users. In addition to hashed passwords, affected information included usernames, emails, first names and IP addresses.
Info on 80 million American households found in open database
In April an unidentified open database containing 24GB of records detailing information on 80 million American households. VPNMentor’s research team of Noam Rotem and Ran Locar found the database hosted on a Microsoft cloud server containing extremely detailed information about individual homes ranging from the owners name, address, age, map coordinates and birthdates. Other information included, but noted in a numerical code, is gender, marital status, income, homeowner status and dwelling type.
Town of Salem breach affects 7 million accounts
The Town of Salem (video game) was hit with a massive data breach in late December 2018 that exposed the information on more than 7 million users when someone gained access to the game’s database. The compromised data includes usernames, emails, passwords (phpass, MD5(WordPress), MD5(phpBB3)), IP addresses, game and forum activity, and some payment card information for those members who have paid for the games premium services.
Double exposure: 24 million loan records also exposed on open Amazon S3 bucket
An open Elasticsearch database was found in January that exposed 24.3 million mortgage and credit reports. Independent cybersecurity researcher Bob Diachenko found the 51GB of optical character recognition recorded data records that contained very sensitive PII including Social Security numbers, names, phones, addresses, credit history, and other details which are usually part of a mortgage or credit report.
From the December 2019/January 2020 Reboot Issue of SC Media
