Skip to content

Incidents from

2012

Data breachResolved

Heroes of Newerth data breach (2012)

In December 2012, the multiplayer online battle arena game known as Heroes of Newerth was hacked and over 8 million accounts extracted from the system. The compromised data included usernames, email addresses and passwords.

Victim
Heroes of Newerth
Records
8.1M
Data breachResolved

BookCrossing data breach (2012)

In August 2022, the book social networking site BookCrossing disclosed a data breach that dated back to a database backup from November 2012. The incident exposed almost 1.6M records including names, usernames, email and IP addresses, dates of birth and plain text passwords.

Victim
BookCrossing
Records
1.6M
Data breachResolved

Netlog data breach (2012)

In July 2018, the Belgian social networking site Netlog identified a data breach of their systems dating back to November 2012 (PDF). Although the service was discontinued in 2015, the data breach still impacted 49 million subscribers for whom email addresses and plain text passwords were exposed.

Victim
Netlog
Records
49.0M
Data breachResolved

Lookbook data breach (2012)

In August 2012, the fashion site Lookbook suffered a data breach. The data later appeared listed for sale in June 2016 and included 1.1 million usernames, email and IP addresses, birth dates and plain text passwords.

Victim
Lookbook
Records
1.1M
WiperContained

Saudi Aramco Shamoon wiper

Iranian-attributed Shamoon wiper destroyed data on roughly 30,000 Saudi Aramco workstations on a single day, taking the world's largest oil company's IT estate offline for two weeks. The first major Iranian retaliatory cyber operation.

Victim
Saudi Aramco
Loss
$200.0M
Data breachResolved

The Botting Network data breach (2012)

In August 2012, the forum for making money with botting "The Botting Network" suffered a data breach that exposed 96k user records. The now defunct vBulletin forum leaked 96k email addresses, usernames, dates of birth and salted MD5 password hashes.

Victim
The Botting Network
Records
96.3K
EspionageResolved

Gauss banking-espionage malware against Lebanese banks

Gauss, a nation-state cyber-surveillance toolkit related to Flame and Stuxnet, infected over 2,500 systems β€” most heavily in Lebanon β€” and was the first publicly known state-sponsored malware engineered to steal online-banking credentials from specific Lebanese banks.

Victim
Lebanese banks (Bank of Beirut, Byblos Bank, Fransabank, BlomBank, Credit Libanais) and their customers
Data breachResolved

Xiaomi data breach (2012)

In August 2012, the Xiaomi user forum website suffered a data breach. In all, 7 million email addresses appeared in the breach although a significant portion of them were numeric aliases on the bbs_ml_as_uid.xiaomi.com domain.

Victim
Xiaomi
Records
7.1M
Data breachResolved

Yahoo data breach (2012)

In July 2012, Yahoo! had their online publishing service "Voices" compromised via a SQL injection attack. The breach resulted in the disclosure of nearly half a million usernames and passwords stored in plain text.

Victim
Yahoo
Records
453.4K
Data breachResolved

War Inc. data breach (2012)

In mid-2012, the real-time strategy game War Inc. suffered a data breach. The attack resulted in the exposure of over 1 million accounts including usernames, email addresses and salted MD5 hashes of passwords.

Victim
War Inc.
Records
1.0M
Data breachResolved

Disqus data breach (2012)

In October 2017, the blog commenting service Disqus announced they'd suffered a data breach. The breach dated back to July 2012 but wasn't identified until years later when the data finally surfaced. The breach contained over 17.5 million unique email addresses and usernames.

Victim
Disqus
Records
17.6M
Data breachResolved

League of Legends data breach (2012)

In June 2012, the multiplayer online game League of Legends suffered a data breach. At the time, the service had more than 32 million registered accounts and the breach affected various personal data attributes including "encrypted" passwords.

Victim
League of Legends
Records
339.5K
Data breachResolved

LinkedIn password breach

A 2012 intrusion into LinkedIn exposed user passwords stored as unsalted SHA-1 hashes. Initially reported as 6.5 million credentials, the full scope of 117 million accounts only emerged in 2016 when the data surfaced for sale on the dark web.

Victim
LinkedIn
Loss
$1.3M
Records
117.0M
Data breachResolved

WHMCS data breach (2012)

In May 2012, the web hosting, billing and automation company WHMCS suffered a data breach that exposed 134k email addresses. The breach included extensive information about customers and payment histories including partial credit card numbers.

Victim
WHMCS
Records
134.0K
Data breachResolved

JobStreet data breach (2012)

In October 2017, the Malaysian website lowyat.net ran a story on a massive set of breached data affecting millions of Malaysians after someone posted it for sale on their forums.

Victim
JobStreet
Records
3.9M
Data breachResolved

Gamigo data breach (2012)

In March 2012, the German online game publisher Gamigo was hacked and more than 8 million accounts publicly leaked. The breach included email addresses and passwords stored as weak MD5 hashes with no salt.

Victim
Gamigo
Records
8.2M
Data breachResolved

YouPorn data breach (2012)

In February 2012, the adult website YouPorn had over 1.3M user accounts exposed in a data breach. The publicly released data included both email addresses and plain text passwords.

Victim
YouPorn
Records
1.3M
Data breachResolved

126 data breach (2012)

In approximately 2012, it's alleged that the Chinese email service known as 126 suffered a data breach that impacted 6.4 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".

Victim
126
Records
6.4M
Data breachResolved

Taobao data breach (2012)

In approximately 2012, it's alleged that the Chinese shopping site known as Taobao suffered a data breach that impacted over 21 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as…

Victim
Taobao
Records
21.1M
Data breachResolved

VK data breach (2012)

Russia's largest social network VK was compromised around 2012, exposing roughly 93 million accounts with names, phone numbers, email addresses and plaintext passwords. The data surfaced for sale in 2016 via the broker 'Peace'.

Victim
VK
Records
93.3M