DataBreaches.Net

Have you googled your site to see if you’ve been hacked?

Posted on April 9, 2015 by Dissent

It’s 2015, and too many entities still don’t seem to know to do Google searches or Pastebin searches on themselves to find out if they’ve been hacked or their data dumped somewhere. There’s no way this blog can report on them all or even alert them all, but one of today’s examples is WAYEB, the European Association of Mayanists.

I know, I know: who’d want to hack a non-profit group of folks interested in the Mayan culture, right? But being an academically oriented organization does not immunize you from those who run around testing for SQL injection vulnerabilities.

On April 5, a hacker who tweets as “Jabb” (@Versifyings on Twitter) dumped hundreds of records of WAYEB members on Pastebin. The records, from what appears to be a backup database, included 237 members’ e-mail addresses, clear text passwords, and phone number(s). An additional 240 records included e-mail addresses, usernames, and once again, clear text passwords.

No financial information was dumped.

This was not the first time wayeb.org was hacked and data dumped, as DataBreaches.net pointed out to WAYEB in a notification alert last night.

WAYEB did not acknowledge or respond to the e-mail notification, but I see that all of the pastes that had been specifically mentioned in the e-mail notification have been removed overnight, so they likely did receive the alert. Whether they intend to notify all those whose email addresses, usernames, and clear-text passwords were exposed is unknown to DataBreaches.net, but it would be prudent to do so as people continue to re-use passwords across sites, despite repeated warnings to the contrary. DataBreaches.net does not know whether WAYEB also intends to report the breach to any EU data protection authorities.

In the meantime, when was the last time you checked to see if your organization’s information or records had been dumped on Pastebin or if they show up in a Google search for your domain? Even if you don’t collect or store financial data, think of what’s involved in notifying everyone whose personal information has been publicly dumped. And think of what data protection regulators might put you through.

Isn’t it worth checking regularly?

Update: Chris Walshman reminds me that haveibeenpwned.com is also a great site to check.
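
As an added illustration (not part of the original post), here is one way to triage the text of a paste you have already found while searching for your own domain: it lists the addresses at your domain and labels the fields dumped beside them without echoing those fields. The domain `example.org`, the function names and the sample paste are constructed for this example.

```python
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# MD5/SHA-1/SHA-256 hex digests or a bcrypt string.
HASH_RE = re.compile(
    r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}|\$2[aby]\$\d\d\$.{53})$")
PHONE_RE = re.compile(r"^\+?[\d\s().-]{7,}$")
SPLIT_RE = re.compile(r"[:;,|\t]")  # common column separators in dumps

# Constructed sample, not real data.
SAMPLE_PASTE = """\
-- constructed sample, not real data
alice@example.org:Summer2015!
bob@example.org,bobm,5f4dcc3b5aa765d61d8327deb882cf99
carol@lists.example.org | +1 555 0100 000
dave@elsewhere.test:hunter2
"""


def classify_field(value):
    """Label a non-address field; the value itself is never returned."""
    if HASH_RE.match(value):
        return "hash"
    if PHONE_RE.match(value):
        return "phone"
    return "other"  # username or possible clear-text password: review by hand


def triage_paste(text, domain):
    """Summarise how a paste exposes addresses at `domain` or its subdomains."""
    domain = domain.lower()
    addresses, counts = set(), {"hash": 0, "phone": 0, "other": 0}
    for line in text.splitlines():
        hits = [m.lower() for m in EMAIL_RE.findall(line)
                if m.lower().split("@")[1] == domain
                or m.lower().endswith("." + domain)]
        if not hits:
            continue  # line does not concern the monitored domain
        addresses.update(hits)
        for field in SPLIT_RE.split(line):
            field = field.strip().strip("'\"")
            if field and not EMAIL_RE.fullmatch(field):
                counts[classify_field(field)] += 1
    return {"addresses": sorted(addresses), "fields": counts,
            "needs_review": counts["other"] > 0 or counts["hash"] > 0}


if __name__ == "__main__":
    print(triage_paste(SAMPLE_PASTE, "example.org"))
```

The `other` count is a heuristic: it covers usernames as well as possible clear-text passwords, so any non-zero value means a person should read the paste before deciding whom to notify.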


1 thought on “Have you googled your site to see if you’ve been hacked?”

  1. Chris says:
    April 9, 2015 at 11:58 am

    One means folks can use to assist this process a bit comes courtesy of Troy Hunt (@troyhunt), who created https://haveibeenpwned.com/

    You can see if your individual credentials have been exposed, and with appropriate verification can also see if any creds from your domain have. It’s well thought out (IMO), and maintained diligently.
