Ataques e Vazamento de Dados em 2019

Views: 139
0 0
Read Time:8 Minute, 20 Second

Fazendo um apanhado dos ataques e vazamentos de dados que ocorreram em 2019. Parei em Novembro… Ainda falta dezembro… Lembrou de mais algum ? Coloca nos comentários, por favor…

 Janeiro

  • Blur password manager (2.4 milhões)
  • BlankMediaGames – BMG (7.6 milhões)
  • DiscountMugs.com (quantidade não divulgada)
  • BenefitMall (quantidade não divulgada)
  • Managed Health Services of Indiana (31.000)
  • Oxo (quantidade não divulgada)
  • Oklahoma Department of Securities (quantidade não divulgada)
  • Fortnite (quantidade não divulgada)
  • Mega Website (773 milhões)
  • Elasticsearch (108 milhões)
  • BlackRock (20.000)
  • Graeters Ice Cream (12.000)
  • Critical Care, Pulmonary & Sleep Associates (23.000)
  • Ascension Data Analytics (24 milhões)
  • Alaska Department of Health & Social Services (100.000)
  • Houzz Home Improvement (quantidade não divulgada)
  • Salisburry Police Department (Malware)
  • Swiss Woman Living in The US (Account Hijacking)
  • Tampa Bay Credit Union (Credit Card Spoofing)
  • ATLAS online Game (Account Hijacking)
  • Valley Hope Association (Account Hijacking)
  • Graeter’s Ice Cream (Malicious Script Injection)
  • Cidade de Sammamish (Malware)
  • Nest Cameras Worldwide (Credential Stuffing)
  • Altran Technologies (Malware)
  • Universiti Teknologi Mara (1.164.540)
  • Critical Care Pulmonary & Sleep Associates (Account Hijacking)
  • LocalBitcoins (Account Hijacking)
  • BenefitMail (Account Hijacking)
  • Roper St. Francis Heathcare (Account Hijacking)
  • Airbus (Account Hijacking)
  • Kwik Fit (Malware)
  • St Lawrence College (Account Hijacking)
  • Chaplaincy Healthcare (Account Hijacking)
  • Caddo Parish School System (Account Hijacking)
  • Discountmugs.com (Malicious Script Injection)
  • The Shift News (DDoS)
  • Redbanc (Targeted Attack)
  • Cidade de Del Rio (Malware)

 Fevereiro

  • Catawba Valley Medical Center (20.000)
  • Dukin’ Donuts (quantidade não divulgada)
  • Huddle House Dining and Fast Food (quantidade não divulgada)
  • EyeSouth Partners (24.000)
  • 500px Photo Sharing (14.8 milhões)
  • Metro Bank (SS7 Attack)
  • Huddle House (PoS Malware)
  • Mount Zion School District (Malware)
  • Roper St. Francis Healthcare (Account Hijacking)
  • Trakt (Malicious Script)
  • Pawnee County Memorial Hospital (Malware) 
  • Pharmaca (PoS Malware)
  • OkCupid (Credential Stuffing)
  • Reserve Bank of India (Malware)
  • North Country Business Products (PoS Malware)
  • Memorial Hospital (Account Hijacking)
  • AltaMed Health Services Corporation (5.767)
  • Coffes Meets Bagel (6 milhões)
  • Advent Health (42.000)
  • LandMark White (100.000)
  • Chester Country (Malware)
  • ATM Cash Dispenser (Malware)
  • Cabrini Hospital (Malware)
  • UK’s Labour Party (Brute Force)
  • Uconn Health (Account Hijacking)
  • Pompano Beach (Malware)
  • VMWare Horizon PoS thin Clients (PoS Malware)
  • Florida Keys Community College (Account Hijacking)
  • International Hedge Funds (Account Hijacking)

 Março

  • Dow Jones (2.4 milhões)
  • UW Medicine (1 milhão)
  • Gearbest Chinese eCommerce (1.5 milhões)
  • Facebook (600 milhões)
  • Federal Emergency Management Agency (1.8 milhões)
  • Oregon Department of Human Services (2 milhões)
  • Earl Enterprises (2 milhões)
  • Verifications.io (980 milhões)
  • Hexion Chemical Company (Malware)
  • Netflix Users (Account Hijacking)
  • Orange Country (Malware)
  • Frederick Regional Health System (Account Hijacking)
  • Haylands Primary School (Malware)
  • MyPillow.com (Malicious Script Injection)
  • Amerisleep (Malicious Script Injection)
  • Oregon Departments of Human Services (Account Hijacking)
  • UK Police Federation (Malware)
  • Police Federation of England and Wales (Malware)
  • Human Development Center (Account Hijacking)
  • Navicent Health (Account Hijacking)
  • Superior Dental Care (Account Hijacking)
  • Oregon Govermment (Account Hijacking)
  • Earl Enterprises (PoS Malware)
  • City of Albany (Malware) 

 Abril

  • Georgia Tech (1.3 milhões)
  • Facebook (540 milhões)
  • Bodybuilding.com (9 milhões)
  • Microsoft Email Services (quantidade não divulgada)
  • Atlanta Hawks (quantidade não divulgada)
  • Palmetto Health (Account Hijacking)
  • Womens’Health USA (Account Hijacking)
  • Arizona Beverages (Malware)
  • Genesee Country (Malware)
  • Verizon Customers (Account Hijacking)
  • Cidade de Tailahassee (Account Hijacking)
  • Bayer (Targeted Attack)
  • Health Recovery Services (20.485)
  • Clearway Pain Solutions (35.000)
  • Metrocare Services (Account Hijacking)
  • Zilliqa (Account Hijacking)
  • RS Medical (Account Hijacking)
  • Weslaco Regional Rehabilitation Hospital (Account Hijacking)
  • King’s College London (Brute Force)
  • Cidade de Greenville (Account Hijacking)
  • Questcare Medical Services (Account Hijacking)
  • Kyushu Railway Co. (8.000)
  • Garfield Country (Malware)
  • Cidade de Stuart (Malware)
  • Cidade de Stratford (Malware)
  • Wipro Ltd.  (Account Hijacking)

 Maio

  • AMC Networks (1.6 milhões)
  • Freedom Mobile (1.5 milhões)
  • Canva (139 milhões)
  • First American Financial Corp (885 milhões)
  • Chtrbox Mumbai social media (49 milhões)
  • Flipboard (quantidade não divulgada)
  • Checkers Restaurants (quantidade não divulgada)
  • Singapore Red Cross (4.000)
  • Oregon Construction Contractors Board (8.013)
  • Cancer Treatment Centers of America (Account Hijacking)
  • LibertyBus (Account Hijacking)
  • US Air Force (Targeted Attack)
  • Flipboard (Numeros não divulgados)
  • Checkers and Rally’s (PoS Malware)
  • People Inc. (Account Hijacking)
  • Leicester City FC (Malicious Script Injection)
  • Broome Country (Account Hijacking)
  • Gannett Co. (18.000)
  • HandBrake (Malware)
  • FCC – Federal Communications Commission (DDoS)
  • France Central Bank (Account Hijacking)
  • Cedexis (DDoS)
  • Edmodo (78 Milhões)
  • Brooks Brothers (PoS Malware)

 Junho

  • Quest Diagnostics (11.9 milhões)
  • Labcorp (7.7 milhões)
  • Mars Mission Data 
  • Broome Country (Account Hijacking)
  • Eurofins Scientific (Account Hijacking)
  • Auburn Food Bank (Malware)
  • Dave East (Account Hijacking)
  • Emuparadise (1.1 milhões)
  • Lake City (Malware)
  • Nova Scotia Health Authority (Account Hijacking)
  • ASCO (Malware)
  • Telegram (DDoS)
  • Cidade de Edcouch (Malware)
  • Cidade de Burlington (Account Hijacking)
  • Estes Park Health (Malware)
  • N.E.O Urology (Malware)
  • Graceland University (Account Hijacking)
  • Oregon State University (Account Hijacking)
  • Emuparadise Gaming Emulator (11 milhões)
  • Olean Medical Group (Malware)
  • Seneca Nation Health System (Malware)
  • Australian Catholic University (Account Hijacking)
  • Tenx Systems (Malware)
  • Riviera Beach (Malware)
  • Steam Users (Account Hijacking)
  • Cidade de Sun Prairie (Account Hijacking)
  • Instragram Users (Account Hijacking)
  • Bem Gurion Airport (GPS Spoofing)

 Julho

  • Maryland Dept of Labor (78.000)
  • Georgia Court System (Malware)
  • Canonical Ltd (Account Hijacking)
  • American Land Title Association (Account Hijacking)
  • La Porte Country (Malware)
  • Gila Country (Malware)
  • Philadelphia Federal Credit Union (400)
  • Arlington Country (Account Hijacking)
  • Nemadji Research Corporation (14.591)
  • Amazon Customers (Account Hijacking)
  • Cidade de New Bedford (Malware)
  • Los Angeles Country Department of Health Services (14.600)
  • Bulgaria’s National Revenue Agency (5 milhões)
  • QuickBit (300.000)
  • Capital One (100 milhões)
  • SyTech (7.5 Terabytes)
  • Foodpanda Singapore (Account Hijacking)
  • Telegram Users (Malware)
  • Sprint Mobile (Account Hijacking)
  • American Express Users (Account Hijacking)
  • University of Alabama (1.400)
  • Slack (Account Hijacking)
  • Asian Art Museum in San Francisco (Malware)
  • Henry Country (Malware)
  • Bahamas Ministry of Tourism (Malware)
  • Cidade de Collerville (Malware)
  • Lancaster University (Account Hijacking)
  • Midlands Technical College (Malware)
  • University of Hawaii (70.000)
  • Morehouse Parish School District (Malware)
  • Sabine Parish School District (Malware)
  • Quachita Parish School District (Malware)
  • Vigo Country (Malware)
  • City Power South Africa (Malware)
  • Autoridades Brasileiras (Telegram Attack)
  • Georgia State Patrol (Malware)
  • Georgia Capitol Police (Malware)
  • Cidade de Concord (Defacement)
  • DNSForum (Account Hijacking)

 Agosto

  • Poshmark Fashion Plataform (50 milhões)
  • CafePress (23 milhões)
  • Suprema Biometrics (1 milhão)
  • Hostinger (14 milhões)
  • LIHKG (DDoS)
  • Governo da Argentina (700Gb)
  • Spotsylvania Country (Account Hijacking)
  • Michigan Medicine (5.000)
  • NordVPN Service (Malware)
  • Portland Public Schools (Account Hijacking)
  • RubyGems Users (Malicious Code Injection)
  • PokerTracker.com (Malicious Script Injection)
  • City of Saskatoon (Account Hijacking)
  • Hospital of San Joaquin (Malware)
  • Massachusetts General Hospital (9.900)
  • Alberta Health Services (7.000)
  • Sonoma Valley Hospital (Domain Hijacking)
  • Rockville Center N.Y. School District (Malware)
  • Lake Country (Malware)
  • StockX (6.8 Milhões)
  • Cidade de Naples, Florida (Account Hijacking)
  • SuperINN (SQL Injection)
  • Presbyterian Healthcare Services (Account Hijacking)
  • Murfreesboro Water Department (Defacement)
  • AT&T (Malware)
  • Camp Verde Unified School District (Malware)
  • Walmart Users (Account Hijacking)
  • National Baseball Hall of Fame (Malicious Script Injection)
  • Township of Maplewood (Malware)
  • Air New Zealand (Account Hijacking)
  • Universidade da Florida (Defacement)
  • Choice Hotels (700.000)
  • Cracked.to (321.000)
  • Indian Army (Malware)
  • Hy-Vee (PoS Malware)

 Setembro

  • Get Facilitate Payments (50.000)
  • BleachBit Users (Malware)
  • City Of New Bedford (Malware)
  • Wolcott School District (Malware)
  • UC Health (Account Hijacking)
  • Sherman School (Malware)
  • Meridian Community College (Account Hijacking)
  • Hong Kong Exchanges and Clearing Limited (DDoS)
  • Wikipedia (DDoS)
  • World of Warcraft Classic (DDoS)
  • Premier Family Medical (Malware)
  • Novaestrat (20 milhões)
  • Malindo Air (quantidade não divulgada)
  • Magelian Health (Account Hijacking)
  • Meridian Lightweight Technologies (Malware)
  • Kent State University (Account Hijacking)
  • Cancer Treatment Centers Of America at Southeastern Regional Medical Center (Account Hijacking)
  • Catholic Health Initiative at Lakeside Hospital (Malware)
  • Bradford City Hall (Malware)
  • Travis Central Appraisal (Malware)
  • Sarrell Dental (Malware)
  • Thinkful (Account Hijacking)
  • Twitter (Fake Social Accounts)
  • Cool Ideas (DDoS)
  • Youtube (Account Hijacking)
  • Grandi Navi Veloci (Malicious Script Injection)
  • City of Woodstock (Malware)
  • Union City (Malware)
  • Instagram Users (Account Hijacking)
  • Guthrie Public School (Malware)
  • Mobile Country Public Schools (Malware)
  • Office365 Users (Account Hijacking)
  • Airbus  (quantidade não divulgada)
  • Rheinmetall Automotive (Malware)
  • Defense Construction Canada (Malware)
  • Listowel Hospital (Malware)
  • Wingham Hospital (Malware)
  • Brazilian Citizens (92 milhões)
  • Zynga (218 milhões)
  • Demant (Malware)

 Outubro

  • Web.com (quantidade não divulgada)
  • 7-Eleven (quantidade não divulgada)
  • UniCredt (3 milhões)
  • International Airport in Europe (Malware)
  • BillTrust (Malware)
  • WordPress Sites (Malicious WordPress Plugins)
  • University Malaya (Account Hijacking)
  • TorGuard (quantidade não divulgada)
  • San Bernardino City Unfied School District (Malware)
  • Avast (Account Hijacking)
  • Amazon AWS (DDoS)
  • Lottomatica (DDoS)
  • Kalispeli Regional Healthcare (Account Hijacking)
  • Human Rights – UNICEF, UM World Food (Account Hijacking)
  • City of Johannesburg (Malware)
  • South African Banks (Malware)
  • Procter & Gamble’s Firts Aid Beauty (Malicious Script Injection)
  • Betty Jean Kerr People’s Health Center (Malware)
  • City of Ocala (Email Scan)
  • Krystal (PoS Malware)
  • American Cancer Society (Malicious Script Injection)
  • Bed Bath & Beyond (quantidade não divulgada)
  • Las Cruces Public Schools (Malware)
  • Marriott International (quantidade não divulgada)
  • Ontario Science Centre (Account Hijacking)
  • Utah Valley Eye Center (quantidade não divulgada)
  • TransUnion (37.000)
  • DCH Regional Medical Center in Tuscaloosa (Malware)
  • Northport Medical Center (Malware)
  • Fayette Medical Center (Malware)
  • Luzerne Country (Malware)
  • Gorgon Group (Malware)
  • City of Cornella (Malware)
  • Tukwila School District (Account Hijacking)
  • Montgomery Country Public School (Brute Force)
  • Goshen Health (Account Hijacking)
  • University of Alabama at Bitmingham (Account Hijacking)
  • Italian Democratic Party (SQL Injection)
  • TOMS Shoes (quantidade não divulgada)
  • Beeline (8.7 milhões)

 Novembro

  • Database Descoberto (1.2 bilhões)
  • T-Mobile (1 milhão)
  • OnePlus (quantidade não divulgada)
  • National Veterinary Associates (Malware)
  • Sag Harbor’s Pierson High School (Malware)
  • Liver Wellness (Account Hijacking)
  • Louisiana State Govermment (Malware)
  • EpicBot (800.000)
  • Chicopee Public Schools (Malware)
  • Edenred Payment Solution (Malware)
  • Cidade de Dothan (Malicious Script Injection)
  • Livingston School District (Malware)
  • Virtual Care Provider Inc. (Malware)
  • Catch Hospitality Group (PoS Malware)
  • New York City Police Department (Malware)
  • Prosegur (Malware)
  • Digital Insights (Account Hijacking)
  • Everts IT Services (Malware)
  • Lincoln Country School District (Malware)
  • InterMed (Account Hijacking)
  • Lyca Mobile (5.4 Gbytes)
  • Boardriders (Malware)
  • ConnectWise (Malware)
  • Pemex (Malware)
  • Disney+ (Account Hijacking)
  • Arvan (DDoS)
  • Starling Physicians (Account Hijacking)
  • Select Health (Account Hijacking)
  • Cidade de San Angelo (Malicious Script Injection)
  • Macy’s (Malicious Scripts Injection)
  • CAH Holdings (Account Hijacking)
  • Jackson County Georgia (Malware)

AUTOR: Felipe Prado – Ethical Hacker / IBM Brazil Digital Influencer

FONTE: LINKEDIN

Deixe uma resposta

O seu endereço de e-mail não será publicado. Campos obrigatórios são marcados com *