Unfortunately, the trend of the first fortnight of October continued and the second half of the month has brought us another series of remarkable events.
The UK ISP TalkTalk has been hit once again, and although the alleged teen authors of the hack (a failed ransom attempt) have been busted, the information of 4 million users has been leaked, putting their identities at risk.
But the trail of breaches does not stop here: 000Webhost.com (13 million passwords leaked) and mac-torrents.com ("only" 95,000 records affected) have also been hit hard.
Other notable targets of this fortnight include Vodafone and British Gas (details of about 2,000 users leaked online in both cases).
The hacktivists were equally active: in a spree of different operations, hackers affiliated with the Anonymous collective knocked down several websites affiliated with racist content and ideologies, the website of CAT Telecom, a Thai state-owned telco operator, and a bunch of Egyptian and Lebanese government websites.
On the Cyber Espionage front, the chronicle reported yet another cyber attack perpetrated by North Korea against its Southern neighbors (how strange), and a campaign against the international investigation team of the MH17 plane crash perpetrated by the same actors behind Operation Pawn Storm.
If you want to have an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 08/10/2015 | ? | Emergence Health Network | Emergence Health Network (EHN) notifies 11,100 patients of an unauthorized access of a server containing protected health information. | Targeted Attack | Healthcare | CC | US | http://www.databreaches.net/tx-emergence-health-network-notifies-11100-mental-health-patients-of-possible-phi-breach/ | Emergence Health Network |
| 2 | 13/10/2015 | ? | EyeBuyDirect | An undisclosed number of individuals are notified that unauthorized access was gained to EyeBuyDirect's website and personal information, including payment card data, may have been compromised. | Unknown | Industry: Retail | CC | US | http://www.scmagazine.com/eyebuydirect-announces-website-breach-payment-cards-affected/article/448565/ | EyeBuyDirect |
| 3 | 16/10/2015 | ?(China?) | Permanent Court of Arbitration in The Hague | Bloomberg reveals that the web page of the Permanent Court of Arbitration in The Hague was compromised with malware in July, during the third day of the hearing on the territorial dispute in the South China Sea. Suspicions point to China. | Targeted Attack | Government | CE | NL | http://www.forbes.com/sites/lisabrownlee/2015/09/17/chinese-cyber-attacks-on-us-military-interests-confirmed-as-advanced-persistent-and-ongoing/ http://www.bloomberg.com/news/articles/2015-10-15/chinese-cyber-spies-fish-for-enemies-in-south-china-sea-dispute | |
| 4 | 16/10/2015 | ?(China?) | Woods Hole Oceanographic Institution | Woods Hole Oceanographic Institution says it suffered a "sophisticated, targeted attack" allegedly originating from China. The breach turns out to have started back in February 2013. | Targeted Attack | Org: Non-Profit | CE | US | http://qz.com/526287/one-of-americas-premier-research-institutions-was-hacked-and-the-signs-point-to-china/ | Woods Hole Oceanographic Institution, WHOI |
| 5 | 18/10/2015 | CWA | John Brennan | A teen hacker with the nickname CWA claims to have hacked an AOL e-mail account belonging to John Brennan, the director of the CIA. The attacker claims to have obtained sensitive documents and releases a small spreadsheet with alleged personal information for a number of former and current government officials. | Account Hijacking | Single Individuals | H | US | http://nypost.com/2015/10/18/stoner-high-school-student-says-he-hacked-the-cia/ | John Brennan, CWA, CIA |
| 6 | 18/10/2015 | ? | Road Sign | Another road sign hacked. This time it happens in downtown Sacramento. | Unknown | Road Sign | CC | US | http://www.thestate.com/news/traffic/article39874323.html | Sacramento |
| 7 | 19/10/2015 | mr.nsaany AKA @mr.nsaany | http://forums.phpfreaks.com | A hacker dubbed mr.nsaany AKA @mr.nsaany hacks forums.phpfreaks.com and leaks the entire database (allegedly 173,000 users). | SQLi | Online Forum | CC | US | http://www.databreaches.net/php-freaks-forum-database-hacked/ | mr.nsaany, @mr.nsaany, forums.phpfreaks.com |
| 8 | 20/10/2015 | ? | Magento-Powered e-commerce sites | Security researchers warn of a large campaign against Magento-powered e-commerce sites that is redirecting users to the Neutrino exploit kit. | Magento Vulnerability | Single Individuals | CC | >1 | http://www.theregister.co.uk/2015/10/20/neutrino_exploit_kit_attacks_hit_thousands_of_magento_shops/ | Magento, Neutrino Exploit Kit |
| 9 | 20/10/2015 | ph1k3 | http://www.gobol.in/ | And this is an example of a website hacked by exploiting a Magento vulnerability: a hacker dubbed ph1k3 hacks gobol.in and claims to have exploited a Magento vulnerability. | Magento Vulnerability | Industry: E-Commerce | CC | IN | http://siph0n.net/exploits.php?id=4122 | ph1k3, gobol.in, Magento |
| 10 | 20/10/2015 | Team Pak Cyber Experts | Official Website Of Passport Office Kolkata | Another episode of the Cyber War between India and Pakistan: a group of Pakistani hackers dubbed Team Pak Cyber Experts defaces the Official Website Of Passport Office Kolkata (passportofficekolkata.in). | Defacement | Government | CW | IN | https://www.incpak.com/world/official-website-of-passport-office-kolkata-hacked-by-pakistani-hackers/ | Team Pak Cyber Experts, Official Website of Passport Office Kolkata, passportofficekolkata.in |
| 11 | 21/10/2015 | North Korea | South Korea | South Korea's intelligence agency reports that North Korean hackers accessed servers belonging to the Blue House, the executive office of South Korea, and stole data from computers belonging to members of the nation's legislature. | Targeted Attack | Government | CE | KR | http://www.scmagazine.com/north-korean-hackers-breach-south-koreas-executive-office-servers/article/448582/ | North Korea, South Korea, Blue House |
| 12 | 21/10/2015 | ? | Several Primary Websites including eBay.de and T-Online.de | Malwarebytes identifies a large malvertising campaign targeting German users on some popular web sites such as eBay.de or T-Online.de. | Malvertising | Single Individuals | CC | DE | https://blog.malwarebytes.org/malvertising-2/2015/10/kampagnen-malvertising-campaign-goes-after-german-users/ | Malwarebytes, eBay.de, T-Online.de |
| 13 | 21/10/2015 | Amped Attacks AKA sgtbilko420 | Several websites affiliated with KKK and other racist content | A hacker, who goes by the name sgtbilko420, takes down several websites affiliated with the KKK and online stores selling racist paraphernalia. Targets include the KKK, the Westboro Baptist Church, a site linked to the Islamic State and even Stephen Harper, the recently-departed Canadian prime minister. | DDoS | Org: Politics | H | >1 | http://www.wired.co.uk/news/archive/2015-10/22/anonymous-hacker-takedown-racist-websites | sgtbilko420, Amped Attacks |
| 14 | 22/10/2015 | ? | TalkTalk | TalkTalk, a UK phone and broadband provider, warns its 4 million customers that attackers could have gained access to their names, addresses, credit card and bank details, dates of birth, phone numbers, email addresses and TalkTalk account information. A few days later, police arrest four teenagers in connection with the cyberattack. | Unknown | Industry: Telco | CC | UK | http://www.cnet.com/news/isp-talktalk-hit-by-significant-and-sustained-cyberattack-in-uk/ | |
| 15 | 22/10/2015 | Pawn Storm | MH17 Investigation Team | Trend Micro reveals that the same hackers behind Operation Pawn Storm targeted the international investigation team of the MH17 plane crash from different sides. | Targeted Attack | Government | CE | >1 | http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-targets-mh17-investigation-team/ | MH17, Pawn Storm, Trend Micro |
| 16 | 23/10/2015 | The Equation Group (allegedly linked to NSA?) | German Unit of the Federal Chancellery | Der Spiegel reports that Regin, the highly sophisticated state-sponsored malware, has been discovered infecting the laptop computer of a head of the German Unit of the Federal Chancellery. | Targeted Attack | Government | CE | DE | http://arstechnica.com/tech-policy/2015/10/top-german-official-infected-by-highly-advanced-spy-trojan-with-nsa-ties/ | Regin, NSA, The Equation Group, German Unit of the Federal Chancellery |
| 17 | 23/10/2015 | ? | Xero | Cloud-based accounting service Xero has told its customers to reset their passwords after a "small number" of users had their accounts compromised. | Account Hijacking | Industry: Software | CC | NZ | https://grahamcluley.com/2015/10/online-accounting-software-xero-tells-users-reset-passwords-accounts-breached/ | Xero |
| 18 | 23/10/2015 | ? | Essex Police Twitter Account | Essex Police Twitter Account (@EssexPoliceUK) is hacked and posts a bogus tweet directing the user to a page hosting an offensive picture. | Account Hijacking | Law Enforcement | CC | UK | http://www.theguardian.com/uk-news/2015/oct/23/essex-police-apologise-after-hackers-hijack-twitter-account | Essex Police, Twitter, @EssexPoliceUK |
| 19 | 23/10/2015 | Anonymous | CAT Telecom Pcl | In the name of #OpSingleGateway (Thai government's single gateway plan), Anonymous takes down the website of CAT Telecom Pcl and leaks some data allegedly stolen from the Telco company website. | Unknown | Industry: Telco | H | TH | https://www.hackread.com/anonymous-targets-thai-govt-telecom-firm/ | Anonymous, CAT Telecom Pcl, cattelecom.com |
| 20 | 24/10/2015 | Anonymous R4BIA TEAM | Egyptian government websites | A collective affiliated with Anonymous called Anonymous R4BIA Team takes down several Egyptian government websites including the Egyptian Presidency website, the Cabinet Decision Support Center (CDSC), the Ministry of Tourism, Ministry of Planning, Supreme Council of Press, Center for Information and Decision Support, Egypt information portal, Egyptian Observatory site, National Planning Institute and several other high-profile government-owned sites. | Defacement | Government | H | EG | https://www.hackread.com/anonymous-hacks-egyptian-presidency-website/ | Anonymous R4BIA TEAM |
| 21 | 24/10/2015 | Fallaga Team | Film Federation of India | A Tunisian Muslim group dubbed Fallaga Team defaces the website of the Film Federation of India (filmfed.org) to protest against the killing of Muslims in Myanmar. | Defacement | Org: Entertainment | H | IN | http://www.nyoooz.com/hyderabad/240398/tunisian-muslim-groups-hacks-film-federation-of-india-website-to-protest-killing-of-muslims-in-myanmar | Fallaga Team, Film Federation of India, filmfed.org, Myanmar |
| 22 | 25/10/2015 | Anonymous Lebanon AKA @AnonLeb2015 | Several Lebanon Government Websites | The Lebanese branch of Anonymous defaces several Lebanon Government Websites. | Defacement | Government | H | LB | https://twitter.com/AnonLeb2015/status/658410544043589632 | Anonymous Lebanon, @AnonLeb2015 |
| 23 | 25/10/2015 | ? | https://www.amzreviewtrader.com/ | An anonymous hacker hacks amzreviewtrader.com and dumps nearly 2500 usernames and clear text passwords. | SQLi | Online Services | CC | US | http://siph0n.net/exploits.php?id=4125 | amzreviewtrader.com |
| 24 | 26/10/2015 | ? | Wichita Schools | The Wichita, Kansas public school system is investigating a possible hacking attempt on one of its networks that took place on Oct. 23. | Unknown | Education | CC | US | http://www.scmagazine.com/wichita-schools-investigates-possible-cyber-attack/article/449481/ | Wichita |
| 25 | 27/10/2015 | ? | 000Webhost.com | 13 million passwords appear to have been leaked from 000Webhost, a free service provider. | SQLi | Industry: Hosting | CC | CY | http://www.forbes.com/sites/thomasbrewster/2015/10/28/000webhost-database-leak/?ss=Security | |
| 26 | 28/10/2015 | ? | British Gas | British Gas contacts about 2,200 of its customers to warn them that their email addresses and account passwords are posted online. The company declares that the accounts come from an external source. | Unknown | Industry: Utilities | CC | UK | http://www.bbc.com/news/technology-34663210 | |
| 27 | 28/10/2015 | ? | Jaguar XFR | A Jaguar car has reportedly been 'hacked' in Auckland, New Zealand. An individual entered a car dealership in New Zealand's largest city and stole a Jaguar XFR, worth nearly £80,000. | | N/A | CC | NZ | http://news.softpedia.com/news/despite-new-equipment-rutgers-university-goes-down-after-ddos-attack-493155.shtml | Jaguar |
| 28 | 29/10/2015 | ? | Optimal Payments PLC | Optimal Payments Plc says it is investigating allegations that personal data belonging to some of its customers could have been compromised and made available on the dark web. According to the allegations, the breaches occurred at two of its units back in 2012 or earlier. | Unknown | Industry: Online Payments | CC | UK | http://uk.reuters.com/article/2015/10/29/us-optimal-payments-cybercrime-idUKKCN0SN0OR20151029 | Optimal Payments Plc |
| 29 | 29/10/2015 | 9 | Yellowfront Grocery | Yellowfront Grocery in Damariscotta, Maine, notifies its customers via Facebook that it had experienced a point-of-sale (POS) breach on Oct 23. | PoS Malware | Industry: Retail | CC | US | http://www.scmagazine.com/yellowfront-grocery-notified-customers-via-facebook-of-pos-breach/article/450345/ | |
| 30 | 29/10/2015 | KelvinSecTeam | http://www.misionsucre.gob.ve/ | KelvinSecTeam hacks a subdomain of the Venezuelan Education Ministry and dumps 2,788 usernames and clear text passwords. | Unknown | Government | CC | VE | http://pastebin.com/xh93uwpN | KelvinSecTeam, misionsucre.gob.ve |
| 31 | 29/10/2015 | NetherlandsMoDz | http://asialawhouse.com/ | A hacker calling himself NetherlandsMoDz claims to have hacked asialawhouse.com and dumps nearly 7,000 usernames and clear text passwords. | Unknown | Industry: E-Commerce | CC | IN | http://pastebin.com/nAzu3Xkr | NetherlandsMoDz, asialawhouse.com |
| 32 | 30/10/2015 | ? | Unidentified National Firm | The First National Bank of Omaha issues new debit cards to customers in seven US states after a large data breach at an unidentified national firm. | Unknown | N/A | CC | US | http://www.bbc.com/news/world-asia-34409343 | First National Bank of Omaha |
| 33 | 30/10/2015 | ? | https://www.aussiefarmers.com.au | An unknown hacker hacks aussiefarmers.com.au and dumps more than 5,500 personal records. | Unknown | Industry: E-Commerce | CC | AU | http://siph0n.net/exploits.php?id=4143 | aussiefarmers.com.au |
| 34 | 30/10/2015 | ? | http://thaiind.com/ | An anonymous hacker hacks three Thailand e-commerce sites in a single shot and dumps approximately 5900 usernames and hashed passwords for each one of them. | Unknown | Industry: E-Commerce | CC | TH | http://siph0n.net/exploits.php?id=4150 | thaiind.com, pukpik.com, ads.thaimisc.com |
| 35 | 30/10/2015 | Photon AKA @PhotonicProton | Computing Science Inside - University of Glasgow | A hacker calling himself @PhotonicProton hacks a subdomain of the University of Glasgow and dumps 3,091 records with clear text passwords. | Unknown | Education | CC | UK | http://siph0n.net/exploits.php?id=4154 | Photon, @PhotonicProton, csi.dcs.gla.ac.uk |
| 36 | 31/10/2015 | ? | Vodafone | Vodafone declares that 1,827 customers had their accounts accessed, with criminals potentially gaining their names and some bank details. But it insists its systems had not been breached. | Unknown | Industry: Telco | CC | UK | http://pastebin.com/C17sguxM | Vodafone |
| 37 | 31/10/2015 | ? | PageFair | PageFair, the analytics service that estimates the revenue loss due to ad blockers, is compromised to distribute malware. Around 500 publishers are affected. | Targeted Attack | Industry: Software | CC | IE | http://blog.pagefair.com/2015/halloween-security-breach/ | PageFair |
| 38 | 31/10/2015 | Photon AKA @PhotonicProton | http://www.mac-torrents.com/ | @PhotonicProton hacks mac-torrents.com and dumps nearly 95,000 records with usernames and hashed passwords. | Unknown | Torrent Tracker | CC | US | http://siph0n.net/exploits.php?id=4156 | Photon, @PhotonicProton, mac-torrents.com |
| 39 | 31/10/2015 | Virushacker | Several colleges across Kolkata (India) | A Pakistani hacker dubbed Virushacker defaces several colleges across Kolkata including: Mohan College, Maharaja Manindra College, and Anandamohan College. | Defacement | Education | CW | IN | http://www.dnaindia.com/india/report-websites-of-several-kolkata-colleges-hacked-2140527 | Virushacker, Kolkata, Mohan College, Maharaja Manindra College, Anandamohan College |