Dominos Pizza hacked, details of 650k customers stolen

Hackers who claimed to have compromised the database server of Domino's Pizza have demanded a ransom of €30,000 to prevent the public disclosure of customer's data.

The hacker group going by the name of Rex Mundi said they hacked into the servers of Domino's Pizza France and Belgium.

The hackers have managed to download more than 592,000 customer records from Dominos France and 58,000 records from Belgian website.

They claim the compromised database contained sensitive information such as customer's full names, addresses, phone numbers, delivery instructions, email IDs and passwords.

The group gave a deadline of 8PM CET for Dominos to pay them.

"If they do not do so, we will post the entirety of the data in our possession on the Internet." The group said.

Domino's France posted a series of tweets in which it acknowledged the hack and recommended users to change their passwords.

Security Breach at TradeMotion affects customers of AutoNation

AutoNation, Inc, said to be one of the largest largest automotive retailer in the United States, is notifying its customers that hackers may have gained access to their personal and financial information.

AutoNation said one of their third party vendors 'TradeMotion' has experienced a cyber attack.

Websites of AutoNation including 'parts.autonationfordwhitebearlake.com', 'parts.championtoyotaofaustin.com' and 'www.discounttoyotaparts.com' which is maintained by TradeMotion affected by this breach.

The information accessed by hackers includes customers' names, street addresses, email addresses, telephone numbers and credit card numbers entered between March 5,2014 and May 2, 2014.

TradeMotion has contacted the FBI regarding the icident.

AutoNation advises customers to monitor their financial accounts closely and offers one year free identity theft protection to affected customers.

Doge Vault hacked, 121 Million Dogecoin appears to be stolen


A Popular Dogecoin online wallet service DogeVault has reportedly been infiltrated by cyber criminals, millions of Dogecoins missing from user's wallet.

A note on the front page of the website(www.dogevault.com) says DogeVault service compromised by attackers on May 11, resulting in a service disruption and tampering with wallet funds.

The website has not provide much information about how much they lost in the heist.  However,  Some users at reddit reported that coins have been transferred to a newly created mega wallet.

According to Dogechain records, this wallet (DHKM6NDUUv9kaHAGi1QU7MRBNKfQiAdP3F) has more than 121 million Dogecoins that is about $56,000 dollars.

"We are currently in the process of identifying the extent of the attack and potential impact on user's funds" The statement on the website reads.

DogeVault suggests users not to transfer any funds to Doge Vault addresses until they finish the investigation.

Third-party database compromise leads to Yahoo mail account hack

Yahoo has acknowledged a number of yahoo mail accounts have been accessed by hackers.  Yahoo says the unauthorized access came after hackers compromise a third-party database.

Yahoo didn't specify the name of the third-party and didn't disclose number of affected users.  After learned about the unauthorized access, Yahoo is sending password reset mail to all impacted accounts.

The company also said in its official statement that they have found no evidence that the credentials were compromised directly from its server.  Their investigation revealed a malicious software is using the login credentials to access Yahoo mail accounts.

The company said that it is now working with federal law enforcement to find the cause of the unauthorized access.  Additional measures also implemented to secure its server.

Yahoo says if your account is affected by this breach, you will get a notification through your yahoo email or SMS if a phone number is linked to your account.

Staysure's system hacked and financial data of 90k+ customers stolen


Staysure, UK based Travel Insurance company, has notified more than 93,000 customers that their sensitive financial data may he been compromised by hackers.

The company systems suffered a cyber attack during the second half of the October 2013. However, they came to know about the breach only in the mid of November.

The company said that they immediately hired a cyber forensic investigator to fully ascertain the extent of the problem.

Hackers accessed sensitive information includes names, addresses, encrypted payment card details of customers and CVV details.

The company said that only people who bought the insurance policies before May 2012 are at risk - The company has stopped storing sensitive data after this date.

Affected customers are being offered a free access to Data Patrol, a 24/7 online identity fraud monitoring service provided by Experian.

MacRumors Forums hacked, 860,000+ users data compromised


MacRumors forums have been breached by hackers who managed to obtain the information belonging to 860106 users that includes hashed passwords.

"In situations like this, it's best to assume that your MacRumors Forum username, email address and (hashed) password is now known." Editorial Director Arnold Kim wrote.

The hacker who behind the attack also made a post in MacRumors forum regarding the breach saying "We're not 'mass cracking' the hashes. It doesn't take long whatsoever to run a hash through hashcat with a few dictionaries and salts, and get results."

Hackers also claimed that they are not going to use the compromised credentials to log into gmail, apple accounts or any other accounts unless they target users specifically for some reason.

"Stop worrying, and stop blaming it on Macrumors when it was your own fault for reusing passwords in the first place." the hacker added.

It appears hackers have gained access to the database by logging into the forum with the stolen credentials of a single moderator.

South Africa's National Department of Health website hacked

database dumped

A Tunisian greyhat hacker named as "Human Mind Cracker" has claimed to have breached the South Africa's National Department of Health website(doh.gov.za) and compromised the database.

In an email sent to EHN, hacker provided the vulnerable link as well as link to Database dump.  Hacker requested me not to post the vulnerable link.

" The only reason about this hack that i love challenge and I readed a lot about the Moroccan hacker that break into some south Africa website so I just wanted to pentest their security" The hacker told EHN.

The dumped database contains database details, username and hashed passwords.

http://pastebin.com/niCEMbRs

Linux Application WineHQ database Hacked

WineHQ database system is compromised. WinHQ is Linux Application that helps to run the .exe file inside the Linux. The hacker might get the access by compromising an admins credentials, or by
exploiting an unpatched vulnerability in phpmyadmin.

They had reluctantly provided access to phpmyadmin to the appdb developers (it is a very handy tool, and something they very much wanted). But it is a prime target for hackers, and apparently our best efforts at obscuring it and patching it were not sufficient.

Now they removed all access to the PhpMyAdmin from outside.

Still now, there is no harm to Database.Unfortunately, the attackers were able to download the full login database for both the appdb and bugzilla. This means that they have all
of those emails, as well as the passwords. The passwords are stored
as Encrypted(Hash), but with enough effort and depending on the quality of the
password, they can be cracked .

He afraid about the users information. The attacker can use those information and get access to the Users Account. So he planned to reset the password and send to the email user.

Security Tips from BreakTheSec:
  •  Don't Use the same password everywhere.(especially use different and secure password for gmail account and other important accounts)
  • @WineHQ's users: If you use the same password anywhere else, Change it immediately.