Ataques e Vazamento de Dados em 2019

Views: 810

Fazendo um apanhado dos ataques e vazamentos de dados que ocorreram em 2019. Parei em Novembro… Ainda falta dezembro… Lembrou de mais algum ? Coloca nos comentários, por favor…

 Janeiro

• Blur password manager (2.4 milhões)
• BlankMediaGames – BMG (7.6 milhões)
• DiscountMugs.com (quantidade não divulgada)
• BenefitMall (quantidade não divulgada)
• Managed Health Services of Indiana (31.000)
• Oxo (quantidade não divulgada)
• Oklahoma Department of Securities (quantidade não divulgada)
• Fortnite (quantidade não divulgada)
• Mega Website (773 milhões)
• Elasticsearch (108 milhões)
• BlackRock (20.000)
• Graeters Ice Cream (12.000)
• Critical Care, Pulmonary & Sleep Associates (23.000)
• Ascension Data Analytics (24 milhões)
• Alaska Department of Health & Social Services (100.000)
• Houzz Home Improvement (quantidade não divulgada)
• Salisburry Police Department (Malware)
• Swiss Woman Living in The US (Account Hijacking)
• Tampa Bay Credit Union (Credit Card Spoofing)
• ATLAS online Game (Account Hijacking)
• Valley Hope Association (Account Hijacking)
• Graeter’s Ice Cream (Malicious Script Injection)
• Cidade de Sammamish (Malware)
• Nest Cameras Worldwide (Credential Stuffing)
• Altran Technologies (Malware)
• Universiti Teknologi Mara (1.164.540)
• Critical Care Pulmonary & Sleep Associates (Account Hijacking)
• LocalBitcoins (Account Hijacking)
• BenefitMail (Account Hijacking)
• Roper St. Francis Heathcare (Account Hijacking)
• Airbus (Account Hijacking)
• Kwik Fit (Malware)
• St Lawrence College (Account Hijacking)
• Chaplaincy Healthcare (Account Hijacking)
• Caddo Parish School System (Account Hijacking)
• Discountmugs.com (Malicious Script Injection)
• The Shift News (DDoS)
• Redbanc (Targeted Attack)
• Cidade de Del Rio (Malware)

 Fevereiro

• Catawba Valley Medical Center (20.000)
• Dukin’ Donuts (quantidade não divulgada)
• Huddle House Dining and Fast Food (quantidade não divulgada)
• EyeSouth Partners (24.000)
• 500px Photo Sharing (14.8 milhões)
• Metro Bank (SS7 Attack)
• Huddle House (PoS Malware)
• Mount Zion School District (Malware)
• Roper St. Francis Healthcare (Account Hijacking)
• Trakt (Malicious Script)
• Pawnee County Memorial Hospital (Malware) 
• Pharmaca (PoS Malware)
• OkCupid (Credential Stuffing)
• Reserve Bank of India (Malware)
• North Country Business Products (PoS Malware)
• Memorial Hospital (Account Hijacking)
• AltaMed Health Services Corporation (5.767)
• Coffes Meets Bagel (6 milhões)
• Advent Health (42.000)
• LandMark White (100.000)
• Chester Country (Malware)
• ATM Cash Dispenser (Malware)
• Cabrini Hospital (Malware)
• UK’s Labour Party (Brute Force)
• Uconn Health (Account Hijacking)
• Pompano Beach (Malware)
• VMWare Horizon PoS thin Clients (PoS Malware)
• Florida Keys Community College (Account Hijacking)
• International Hedge Funds (Account Hijacking)

 Março

• Dow Jones (2.4 milhões)
• UW Medicine (1 milhão)
• Gearbest Chinese eCommerce (1.5 milhões)
• Facebook (600 milhões)
• Federal Emergency Management Agency (1.8 milhões)
• Oregon Department of Human Services (2 milhões)
• Earl Enterprises (2 milhões)
• Verifications.io (980 milhões)
• Hexion Chemical Company (Malware)
• Netflix Users (Account Hijacking)
• Orange Country (Malware)
• Frederick Regional Health System (Account Hijacking)
• Haylands Primary School (Malware)
• MyPillow.com (Malicious Script Injection)
• Amerisleep (Malicious Script Injection)
• Oregon Departments of Human Services (Account Hijacking)
• UK Police Federation (Malware)
• Police Federation of England and Wales (Malware)
• Human Development Center (Account Hijacking)
• Navicent Health (Account Hijacking)
• Superior Dental Care (Account Hijacking)
• Oregon Govermment (Account Hijacking)
• Earl Enterprises (PoS Malware)
• City of Albany (Malware) 

 Abril

• Georgia Tech (1.3 milhões)
• Facebook (540 milhões)
• Bodybuilding.com (9 milhões)
• Microsoft Email Services (quantidade não divulgada)
• Atlanta Hawks (quantidade não divulgada)
• Palmetto Health (Account Hijacking)
• Womens’Health USA (Account Hijacking)
• Arizona Beverages (Malware)
• Genesee Country (Malware)
• Verizon Customers (Account Hijacking)
• Cidade de Tailahassee (Account Hijacking)
• Bayer (Targeted Attack)
• Health Recovery Services (20.485)
• Clearway Pain Solutions (35.000)
• Metrocare Services (Account Hijacking)
• Zilliqa (Account Hijacking)
• RS Medical (Account Hijacking)
• Weslaco Regional Rehabilitation Hospital (Account Hijacking)
• King’s College London (Brute Force)
• Cidade de Greenville (Account Hijacking)
• Questcare Medical Services (Account Hijacking)
• Kyushu Railway Co. (8.000)
• Garfield Country (Malware)
• Cidade de Stuart (Malware)
• Cidade de Stratford (Malware)
• Wipro Ltd.  (Account Hijacking)

 Maio

• AMC Networks (1.6 milhões)
• Freedom Mobile (1.5 milhões)
• Canva (139 milhões)
• First American Financial Corp (885 milhões)
• Chtrbox Mumbai social media (49 milhões)
• Flipboard (quantidade não divulgada)
• Checkers Restaurants (quantidade não divulgada)
• Singapore Red Cross (4.000)
• Oregon Construction Contractors Board (8.013)
• Cancer Treatment Centers of America (Account Hijacking)
• LibertyBus (Account Hijacking)
• US Air Force (Targeted Attack)
• Flipboard (Numeros não divulgados)
• Checkers and Rally’s (PoS Malware)
• People Inc. (Account Hijacking)
• Leicester City FC (Malicious Script Injection)
• Broome Country (Account Hijacking)
• Gannett Co. (18.000)
• HandBrake (Malware)
• FCC – Federal Communications Commission (DDoS)
• France Central Bank (Account Hijacking)
• Cedexis (DDoS)
• Edmodo (78 Milhões)
• Brooks Brothers (PoS Malware)

 Junho

• Quest Diagnostics (11.9 milhões)
• Labcorp (7.7 milhões)
• Mars Mission Data 
• Broome Country (Account Hijacking)
• Eurofins Scientific (Account Hijacking)
• Auburn Food Bank (Malware)
• Dave East (Account Hijacking)
• Emuparadise (1.1 milhões)
• Lake City (Malware)
• Nova Scotia Health Authority (Account Hijacking)
• ASCO (Malware)
• Telegram (DDoS)
• Cidade de Edcouch (Malware)
• Cidade de Burlington (Account Hijacking)
• Estes Park Health (Malware)
• N.E.O Urology (Malware)
• Graceland University (Account Hijacking)
• Oregon State University (Account Hijacking)
• Emuparadise Gaming Emulator (11 milhões)
• Olean Medical Group (Malware)
• Seneca Nation Health System (Malware)
• Australian Catholic University (Account Hijacking)
• Tenx Systems (Malware)
• Riviera Beach (Malware)
• Steam Users (Account Hijacking)
• Cidade de Sun Prairie (Account Hijacking)
• Instragram Users (Account Hijacking)
• Bem Gurion Airport (GPS Spoofing)

 Julho

• Maryland Dept of Labor (78.000)
• Georgia Court System (Malware)
• Canonical Ltd (Account Hijacking)
• American Land Title Association (Account Hijacking)
• La Porte Country (Malware)
• Gila Country (Malware)
• Philadelphia Federal Credit Union (400)
• Arlington Country (Account Hijacking)
• Nemadji Research Corporation (14.591)
• Amazon Customers (Account Hijacking)
• Cidade de New Bedford (Malware)
• Los Angeles Country Department of Health Services (14.600)
• Bulgaria’s National Revenue Agency (5 milhões)
• QuickBit (300.000)
• Capital One (100 milhões)
• SyTech (7.5 Terabytes)
• Foodpanda Singapore (Account Hijacking)
• Telegram Users (Malware)
• Sprint Mobile (Account Hijacking)
• American Express Users (Account Hijacking)
• University of Alabama (1.400)
• Slack (Account Hijacking)
• Asian Art Museum in San Francisco (Malware)
• Henry Country (Malware)
• Bahamas Ministry of Tourism (Malware)
• Cidade de Collerville (Malware)
• Lancaster University (Account Hijacking)
• Midlands Technical College (Malware)
• University of Hawaii (70.000)
• Morehouse Parish School District (Malware)
• Sabine Parish School District (Malware)
• Quachita Parish School District (Malware)
• Vigo Country (Malware)
• City Power South Africa (Malware)
• Autoridades Brasileiras (Telegram Attack)
• Georgia State Patrol (Malware)
• Georgia Capitol Police (Malware)
• Cidade de Concord (Defacement)
• DNSForum (Account Hijacking)

 Agosto

• Poshmark Fashion Plataform (50 milhões)
• CafePress (23 milhões)
• Suprema Biometrics (1 milhão)
• Hostinger (14 milhões)
• LIHKG (DDoS)
• Governo da Argentina (700Gb)
• Spotsylvania Country (Account Hijacking)
• Michigan Medicine (5.000)
• NordVPN Service (Malware)
• Portland Public Schools (Account Hijacking)
• RubyGems Users (Malicious Code Injection)
• PokerTracker.com (Malicious Script Injection)
• City of Saskatoon (Account Hijacking)
• Hospital of San Joaquin (Malware)
• Massachusetts General Hospital (9.900)
• Alberta Health Services (7.000)
• Sonoma Valley Hospital (Domain Hijacking)
• Rockville Center N.Y. School District (Malware)
• Lake Country (Malware)
• StockX (6.8 Milhões)
• Cidade de Naples, Florida (Account Hijacking)
• SuperINN (SQL Injection)
• Presbyterian Healthcare Services (Account Hijacking)
• Murfreesboro Water Department (Defacement)
• AT&T (Malware)
• Camp Verde Unified School District (Malware)
• Walmart Users (Account Hijacking)
• National Baseball Hall of Fame (Malicious Script Injection)
• Township of Maplewood (Malware)
• Air New Zealand (Account Hijacking)
• Universidade da Florida (Defacement)
• Choice Hotels (700.000)
• Cracked.to (321.000)
• Indian Army (Malware)
• Hy-Vee (PoS Malware)

 Setembro

• Get Facilitate Payments (50.000)
• BleachBit Users (Malware)
• City Of New Bedford (Malware)
• Wolcott School District (Malware)
• UC Health (Account Hijacking)
• Sherman School (Malware)
• Meridian Community College (Account Hijacking)
• Hong Kong Exchanges and Clearing Limited (DDoS)
• Wikipedia (DDoS)
• World of Warcraft Classic (DDoS)
• Premier Family Medical (Malware)
• Novaestrat (20 milhões)
• Malindo Air (quantidade não divulgada)
• Magelian Health (Account Hijacking)
• Meridian Lightweight Technologies (Malware)
• Kent State University (Account Hijacking)
• Cancer Treatment Centers Of America at Southeastern Regional Medical Center (Account Hijacking)
• Catholic Health Initiative at Lakeside Hospital (Malware)
• Bradford City Hall (Malware)
• Travis Central Appraisal (Malware)
• Sarrell Dental (Malware)
• Thinkful (Account Hijacking)
• Twitter (Fake Social Accounts)
• Cool Ideas (DDoS)
• Youtube (Account Hijacking)
• Grandi Navi Veloci (Malicious Script Injection)
• City of Woodstock (Malware)
• Union City (Malware)
• Instagram Users (Account Hijacking)
• Guthrie Public School (Malware)
• Mobile Country Public Schools (Malware)
• Office365 Users (Account Hijacking)
• Airbus  (quantidade não divulgada)
• Rheinmetall Automotive (Malware)
• Defense Construction Canada (Malware)
• Listowel Hospital (Malware)
• Wingham Hospital (Malware)
• Brazilian Citizens (92 milhões)
• Zynga (218 milhões)
• Demant (Malware)

 Outubro

• Web.com (quantidade não divulgada)
• 7-Eleven (quantidade não divulgada)
• UniCredt (3 milhões)
• International Airport in Europe (Malware)
• BillTrust (Malware)
• WordPress Sites (Malicious WordPress Plugins)
• University Malaya (Account Hijacking)
• TorGuard (quantidade não divulgada)
• San Bernardino City Unfied School District (Malware)
• Avast (Account Hijacking)
• Amazon AWS (DDoS)
• Lottomatica (DDoS)
• Kalispeli Regional Healthcare (Account Hijacking)
• Human Rights – UNICEF, UM World Food (Account Hijacking)
• City of Johannesburg (Malware)
• South African Banks (Malware)
• Procter & Gamble’s Firts Aid Beauty (Malicious Script Injection)
• Betty Jean Kerr People’s Health Center (Malware)
• City of Ocala (Email Scan)
• Krystal (PoS Malware)
• American Cancer Society (Malicious Script Injection)
• Bed Bath & Beyond (quantidade não divulgada)
• Las Cruces Public Schools (Malware)
• Marriott International (quantidade não divulgada)
• Ontario Science Centre (Account Hijacking)
• Utah Valley Eye Center (quantidade não divulgada)
• TransUnion (37.000)
• DCH Regional Medical Center in Tuscaloosa (Malware)
• Northport Medical Center (Malware)
• Fayette Medical Center (Malware)
• Luzerne Country (Malware)
• Gorgon Group (Malware)
• City of Cornella (Malware)
• Tukwila School District (Account Hijacking)
• Montgomery Country Public School (Brute Force)
• Goshen Health (Account Hijacking)
• University of Alabama at Bitmingham (Account Hijacking)
• Italian Democratic Party (SQL Injection)
• TOMS Shoes (quantidade não divulgada)
• Beeline (8.7 milhões)

 Novembro

• Database Descoberto (1.2 bilhões)
• T-Mobile (1 milhão)
• OnePlus (quantidade não divulgada)
• National Veterinary Associates (Malware)
• Sag Harbor’s Pierson High School (Malware)
• Liver Wellness (Account Hijacking)
• Louisiana State Govermment (Malware)
• EpicBot (800.000)
• Chicopee Public Schools (Malware)
• Edenred Payment Solution (Malware)
• Cidade de Dothan (Malicious Script Injection)
• Livingston School District (Malware)
• Virtual Care Provider Inc. (Malware)
• Catch Hospitality Group (PoS Malware)
• New York City Police Department (Malware)
• Prosegur (Malware)
• Digital Insights (Account Hijacking)
• Everts IT Services (Malware)
• Lincoln Country School District (Malware)
• InterMed (Account Hijacking)
• Lyca Mobile (5.4 Gbytes)
• Boardriders (Malware)
• ConnectWise (Malware)
• Pemex (Malware)
• Disney+ (Account Hijacking)
• Arvan (DDoS)
• Starling Physicians (Account Hijacking)
• Select Health (Account Hijacking)
• Cidade de San Angelo (Malicious Script Injection)
• Macy’s (Malicious Scripts Injection)
• CAH Holdings (Account Hijacking)
• Jackson County Georgia (Malware)

AUTOR: Felipe Prado – Ethical Hacker / IBM Brazil Digital Influencer

FONTE: LINKEDIN