Bonobos

Bonobos is a men’s clothing retailer that has been subject to a data breach impacting its backups that were hosted online in the cloud. Names and telephone numbers of up to 7 million customers or orders were leaked. 3.5 million customers had their last four digits of the credit card and encrypted password (using the SHA-256 and SHA-512 hashing algorithms) leaked.

The data goes back multiple years, as far as 2014. It is unclear why Bonobos kept their backups for such a long time. It was reported that someone already decrypted more than 150.000 passwords that were encrypted with SHA-256 without hashing and salting them.

Bonobos has confirmed that the data was genuine, but that it was taken from a cloud service and not from their own network. They found no evidence of unauthorized access to their own network. The hosting provider responsible for the data was informed as soon as they noticed.

Socialarks

High-flying and rapidly growing Chinese social media management company Socialarks has suffered a huge data leak, leading to the exposure of over 400GB of personal data including several high-profile celebrities and social media influencers. This 400GB of data included more than 318 million records in total. Given the size of the leak, it is difficult to estimate the impact of the breach.

Socialarks used an insecure elastic search database that contained personal data of at least 2014 million social media users from around that world, from platforms such as Facebook, Instagram and Linkedin.

The data was found to be publicly exposed without password protection or encryption. This meant that anyone in possession of the server's IP address could have had access to the database.

It should also be noted that this is not their first data breach. In august 2020 more than 150 million records were also exposed in a similar manner.

Israeli Likud Party

In March of this year, the people of Israel voted for their next president. This time, they decided to use an elector app which has been found to have leaks before.To their surprise however, 6.5 million voters have had their data exposed via a database linked to the elector app.

Two days before the election, journalists in Israel were notified by hackers that the data was breached. The message included encrypted links and codes to access two databases, one of which contains the full voter registry, including names and ballot numbers of all 6,528,565 eligible voters. The other includes up-to-date names, addresses, ID numbers, and more details.

A flaw in the app’s web interface gave “admin access” to the entire database, allowing anybody to access and copy the Israeli voter registry, along with additional information gathered by Likud about hundreds of thousands of voters.

The exposed database included the full name, sex, home address, and, in many cases, cellphone number and responses to political polling for 6.5 million Israeli adults.

Morgan Stanley

On July 8th of this year, Morgan Stanley reported a breach after hackers stole personal data belonging to their customers, by hacking their third party called ‘Accellion FTA’ who hosts servers for them. Encrypted files were stolen together with the encryption key.

Morgan Stanley says that the documents stolen during this incident contained: stock plan participants' names, addresses, dates of birth, social security numbers and company names.

Accellion has said that roughly 300 customers used the 20-year-old legacy FTA software, with less than 100 of them being breached in these attacks. So far, these threat actors have hit energy giant Shell, cybersecurity firm Qualys, the Reserve Bank of New Zealand, Singtel, supermarket giant Kroger, the Office of the Washington State Auditor ("SAO"), the Australian Securities and Investments Commission (ASIC), multiple universities and other organizations.