Weekly Breach Report – June 1st

Jun 1, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Unc0ver tool

Hackers released a new version of the unc0ver jailbreaking tool that can unlock all iPhones, including those running the latest iOS 13.5. The Hacker News: https://thehackernews.com/2020/05/iphone-ios-jailbreak-tools.html

Android OS

Researchers described details of a new and critical vulnerability that impacts the Android operating system. The Hacker News: https://thehackernews.com/2020/05/stranhogg-android-vulnerability.html


A database containing credentials from more than 26 million LiveJournal accounts has been leaked online and is being sold on the Dark Web and hacker forums. ThreatPost:


Hack-for-hire Firms

Hack-for-hire firms in India have been impersonating the World Health Organization in credential-stealing spear-phishing email campaigns, Google’s Threat Analysis Group said Wednesday. CyberScoop:


Bank of America

Bank of America notified customers of a data breach impacting Paycheck Protection Program loan applications. PYMNTS.com: https://www.pymnts.com/safety-and-security/2020/bank-of-america-experiences-potential-data-breach-with-ppp-applications/

Wichita State University

A data breach impacting current and former students of Wichita State University is now the subject of a federal lawsuit. Government Technology: https://www.govtech.com/security/Kansas-University-Data-Breach-Affects-Current-Former-Students.html

Arbonne International

This multi-level marketing company disclosed a data breach that impacted 3,500 California residents. Security Boulevard: https://securityboulevard.com/2020/05/airbonne-international-discloses-data-breach-affecting-thousands-of-californians/

NTT Communications

This Japan-based multinational, one of the world’s largest suppliers of telecoms and IT-services, revealed that attackers had stolen data from internal systems, affecting over 600 customers. Infosecurity:



Minted, a US-based marketplace for independent artists, has disclosed a data breach after a hacker sold a database containing 5 million user records on a dark web marketplace. Bleeping Computer:


Cisco Systems

Cisco said that attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. The flaws exist in the open-source Salt management framework, which is used in some Cisco networking products. Threatpost:



The Minneapolis Police Department’s website has shown signs of a cyberattack since late Saturday, days after a video purported to be from the hacktivist group Anonymous promised retribution for the death of George Floyd during an arrest. Bloomberg: https://www.bloomberg.com/news/articles/2020-05-31/anonymous-says-it-ll-expose-minneapolis-police-website-hacked

Russian Hackers

A new report from the US National Security Agency reveals that a group of Russian hackers associated with that government’s military-intelligence agency, GRU, has been exploiting a technical vulnerability to hack into American computers. Salon:


Daniel’s Hosting

A hacker has leaked online the database of Daniel’s Hosting, the largest free web-hosting provider for dark-web services. ZDnet:


Home Chef

Hackers leaked Home Chef’s customer records, including emails, names, phone numbers and encrypted passwords. OODA Loop: https://www.oodaloop.com/briefs/2020/05/26/home-chef-serves-up-data-breach-for-8-million-records/

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.