TOP-10 security incidents in May 2016

Last month was reach on interesting events and it was very hard to select just 10 of them. Nevertheless, we managed to do so, and here is our rating of TOP-10 security incidents.

1. ATM withdrawal operation in Japan
   On May 15 a group well organized criminals (known as drops in carding slang) cashed 1,4 billion Yen (around 12 million EUR) from ATM machines in 16 cities. The entire operation was very good organized, it lasted just 2,5 hours and involved more than 100 people. It is the biggest withdrawal fraud since 2012.
   
   
2. InvestBank UAE breach
   Hackers published 10Gb archive, containing internal files, sensitive financial documents and around 100 thousand credit card numbers from 2011 until September 2015.
   
   
3. Attack on Turkish state hospitals
   On May 17 hackers published a video on YouTube claiming to hack into Turkish state hospitals. They revealed a huge database containing personal information of people diagnosed with HIV and women, who have made abortions. According to official investigation reports, 33 hospitals in total were affected by the attack.
   
   
4. Swiss RUAG data breach
   In September 2014 Swiss military contractor suffered a huge data breach, which was discovered only in January 2016. In May Swiss CERT published a detailed report of the attack, explaining how it happened and when. According to report, attackers had access to RUAG’s network for over 1 year, and they surely stole a lot of confidential information.
   
   
5. Hackers forum Nulled.io hack
   Hackers published a partial database dump of the nulled.io hackers’ website. The dump contained email addresses, hashed passwords, IP addresses of 145 096 active members of the forum.
   
   
6. Mail.ru user credentials leak
   On May 5 publicity became aware that a huge database containing 272.3 million user credentials is being sold on dark web. The database contained about 57 million Mail.ru accounts and tens of millions of credentials from other email providers, such as Google, Yahoo and Microsoft. Further investigation into matter revealed that leaked credentials were outdated.
   
   
7. LinkedIn hack
   Nearly 117 million accounts of LinkedIn users were sold on dark web. This data was stolen back in 2012.
   
   
8. MySpace data leak
   On May 27 LeakedSource claimed to have in possession 360 million emails and passwords of users at MySpace, once famous social network. Most likely, this is not a fresh breach too.
   
   
9. Tumblr data leak
   Logins and passwords of Tumblr users surfaced after breach in 2013. The company claims they did not know about the breach until the database was offered for sale.
   
   
10. Twitter hack
    Symantec warned that hackers were able to access Twitter accounts of nearly 2,5 thousand users and were spreading links to websites with adult content. Among victims were journalists of The Telegraph and New York Times and a popular Canadian band Chromeo.