Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week


A page on Comcast’s Xfinity website exposed customer account information to anyone on that customer’s network. Comcast shut down the API after they were alerted of the leak. To read more: https://www.zdnet.com/article/comcast-fixes-another-xfinity-website-data-leak/

Ticketmaster UK

Ticketmaster UK alerted customers that it had found malicious software on Inbenta, a support-chat tool used to help major websites interact with their customers. Ticketmaster said that a hacker had accessed a small percentage of customers’ data. To read more: https://www.zdnet.com/article/inbenta-blamed-for-ticketmaster-breach-says-other-sites-not-affected/


This Linux distro alerted users that someone had managed to break into the organization’s GitHub account and modified the open-source project’s data. Gentoo does not yet know the extent of the modifications, and is working to regain control of the organization and its repositories. To read more: https://www.theregister.co.uk/2018/06/28/gentoo_linux_github_hacked/

Law-enforcement data

A data breach at an active-shooter training center exposed the personal data of thousands of US law-enforcement officials. To read more: https://www.zdnet.com/article/a-massive-cache-of-law-enforcement-personnel-data-has-leaked/


This popular betting platform left a password list for its back-office systems on its website. The site has since removed the document. To read more: https://www.zdnet.com/article/betting-giant-betvictor-left-a-list-of-internal-passwords-online/


This marketing company left two terabytes of sensitive data exposed on the internet. The data included personal information on 230 million consumers and 110 million business contacts. To read more: https://www.tripwire.com/state-of-security/security-data-protection/hitherto-unknown-marketing-firm-exposed-hundreds-of-millions-of-americans-data/


Adidas alerted customers who purchased from its website of a data breach. The hackers acquired data including contact information, usernames and encrypted passwords. To read more: https://www.marketwatch.com/story/adidas-warns-about-a-potential-data-breach-2018-06-28


This online-survey and form-building service announced a data breach after an attacker downloaded a backup file containing sensitive customer information. To read more: https://www.bleepingcomputer.com/news/security/typeform-announces-breach-after-hacker-grabs-backup-file/


This secure-email provider faced multiple outages last week due to a wave of DDoS attacks. Researchers tracked the hacking group to Russia. To read more: https://www.bleepingcomputer.com/news/security/protonmail-ddos-attacks-are-a-case-study-of-what-happens-when-you-mock-attackers/

Reported Vulnerabilities


Cisco is urging users to install the fix for a recently disclosed denial-of-service flaw affecting many of its security appliances. To read more: https://www.zdnet.com/article/cisco-patch-now-attackers-are-exploiting-asa-dos-flaw-to-take-down-security/


Researchers published three attacks against the mobile communication standard LTE, a first-generation type of 4G technology. To read more: https://www.bleepingcomputer.com/news/security/security-flaws-disclosed-in-lte-4g-mobile-telephony-standard/

Want to learn more?

Sign up below and receive weekly breach reports directly in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.