Companies & Errata

Company Errata The following entries show various companies that have tried their hand in the game we call the Internet. Due to a lack of security, these companies have exposed customer information, installed backdoors into software you purchased or carried out other questionable acts. They are listed here to help you realize some dangers of using the Internet, and which companies you may want to be wary of.

Note: Entries are now listed in reverse chronological order. Incidents of sensitive information being disclosed have been moved to the DatalossDB project.





When Link/Incident (Company)
2013-03-19 When Bad Tech Journalism Gets Worse (CNet)
2013-03-19 Security vulnerability exposes confidential information of firms seeking government contracts (IBM)
2012-10-16 Developers ignore their security responsibilities: Oracle (Oracle)
2012-09-27 Hackers Breached Adobe Server in Order to Sign Their Malware (Adobe)
2012-06-24 Apple Quietly Pulls Claims of Virus Immunity (Apple)
2012-05-24 New Jersey mayor, son, arrested on charges they nuked recall website (West New York, NJ)
2012-05-24 Yahoo leaks its own private key via new Axis Chrome extension (Yahoo)
2012-05-22 Silicon Valley tech executive nabbed in false barcode scheme involving Lego toys (SAP)
2012-05-03 Yahoo's Response on CEO's Computer Science ResumeGate: "Inadvertent Error" (Yahoo)
2012-05-03 Microsoft kicks Chinese company out of vulnerability sharing program (Microsoft)
2012-04-16 Oracle Rapped for Misleading Advertisinge (Oracle)
2012-03-29 Adobe's latest critical security update pushes scareware (Adobe)
2012-02-22 Sony under attack again, Australia Sony VAIO website hacked and defaced by VViP Team (Sony)
2012-02-13 Microsoft store hacked - logins, passwords stolen (Microsoft)
2011-12-24 STRATFOR Global Intelligence Data Loss, Site Defaced (STRATFOR)
2011-12-05 CNet Download.com Bundles Software with Malware (C|Net Download.com)
2011-11-23 Apple Took 3+ Years to Fix FinFisher Trojan Hole (Apple)
2011-11-11 Microsoft: 47,000 working MSN and Hotmail e-mail addresses and passwords found in phishing attempt attachment (Microsoft)
2011-10-21 Nasdaq hackers spied on company boards (Nasdaq)
2011-10-05 0day Full disclosure: American Express (AmEx)
2011-09-21 Microsoft dumps partner over telephone scam claims
2011-08-16 Vanguard Defense Industries compromised by AntiSec (VDI)
2011-03-28 Oracle's MySQL.com hacked via SQL injection (Oracle)
2011-01-09 IBM developerWorks defaced (IBM)
2010-09-20 XSS Weakness Found on Visa USA Website (Visa)
2010-08-23 United Nations Website Contains SQL Injection Flaws Three Years After Hack, Researcher Says (United Nations)
2010-08-12 SMCI widget and growsmartbusiness.com by Network Solutions still serving malware (Network Solutions)
2010-03-25 Ubisoft's 'Uncrackable' DRM lasts 24 hours (Ubisoft)
2009-11-04 unisfair.com Vulnerable to XSS, Reacts Poorly to News (Unisfair.com)
2009-11-04 Apple iTunes Affiliate Site XSS (Apple)
2009-11-04 Microsoft MSDN Site XSS (Microsoft)
2009-10-16 IBM, Intel execs arrested over alleged insider trading
2009-10-10 T-Mobile / Microsoft Servers Crash and No Backup Strategy
2009-07-28 Data Detailing New York Stock Exchange Network Exposed on Unsecured Server (EMC)
2009-03-27 AT&T Lies to Congress About Cybercrime Damage Figures
2008-09-16 SQL injection taints BusinessWeek.com (BusinessWeek)
2008-09-12 Hackers infiltrate Large Hadron Collider systems and mock IT security (CERN)
2008-07-30 Government Professionals Bought Bogus Degrees and Diplomas
2008-07-01 Former VP of HP Charged with IBM Trade-Secret Theft
2008-05-30 Comcast's DNS records hijacked by pair of young hackers (Comcast)
2008-01-21 RIAA wiped off the net (RIAA)
2008-01-07 'Hacker Safe' Geeks.com Hacked (Geeks.com)
2008-01-03 Managemyhome.com: Another privacy issue for Sears (Sears)
2007-12-20 Sears.com: Join the Community - Get Spyware (Sears)
2007-12-17 Business data exposed on Canada Post website (Canada Post)
2007-10-08 Hacker breaks into eBay server, locks out users (eBay)
2007-10-04 Bad things lurking on government sites (Madera Court, Brookhaven National Laboratory)
2007-08-19 Identity attack spreads; 1.6M records stolen from Monster.com (Monster.com)
2007-05-09 PC World editor returns as IDG exec reassigned (PCWorld)
2007-05-04 British Gas security scare as payments page springs a leak (British Gas)
2007-05-02 PC World editor resigns over apparent ad pressure (PCWorld)
2007-04-21 Astroglide data breach exposes customer information (Astroglide)
2007-03-27 Faulty contract costs the VA millions (VA, ISS, SecureInfo)
2007-03-07 WordPress blog server hacked (WordPress)
2007-03-05 U.S. government’s NOAA site hacked by pill pushing spammers (NOAA)
2007-02-27 SEC Sues Company For Using Hacked Information In Trades (Blue Bottle Ltd.)
2007-01-02 Web sites were able to steal Gmail contact lists (Google / Gmail)
2006-12-11 How Vista Lets Microsoft Lock Users In (Microsoft)
2006-11-09 Google posts Kama Sutra worm (Google)
2006-10-18 Electronic Arts releases Battlefield 2142 with web tracking spyware (Electronic Arts)
2006-09-16 HP security staff helped in leak investigation (HP)
2006-09-15 Phone Scam Charge Rocks HP (HP)
2006-08-23 AT&T sues data brokers over information (AT&T)
2006-08-06 AOL Proudly Releases Massive Amounts of Private Data (AOL)
2005-10-23 Contractor Accused Of Overbilling U.S. (Unisys)
2003-09-16 All your Web typos are belong to us (VeriSign)
2003-08-11 Consumer Database Compromised (Acxiom)
2003-08-07 Diebold proprietary software leak (Diebold)
2003-06-25 Information disclosure (Virgin.net)
2003-05-08 Microsoft admits Passport identity service was vulnerable
2003-05-08 Insecure authentication scheme (T-Mobile)
2003-04-21 Provides insecure web hosting (SBC)
2003-03-26 Microsoft won't fix NT vulnerability while supported
2003-02-16 5,000 Confidential Documents Leaked (Transport Canada)
2003-02-13 Customer Information Exposure (FTD.com)
2003-01-28 Microsoft slammed by its own product's vulnerability
2002-03-27 Microsoft .NET promo reveals personal info (Microsoft)
2002-03-21 Exposes Comdex customer info (Key3 Media)
2002-03-15 Prime Minister Junichiro Koizumi's office exposes visitor data (Junichiro Koizumi)
2002-03-06 US House of Representatives site exposes internal database investigation info (Government: HoR)
2002-02-22 World Wide Web Consortium members don't follow their own standards (W3C)
2002-02-14 Compromise forces release of profit info (Buhrmann)
2002-01-22 Customer data exposed (Choicepoint)
2001-11-02 Admits to lies about contracting/issues (Iomart)
2001-09-29 Spyware, questionable business practice (Gatorsoft)
2001-09-06 Insecure business, questionable service (Cryptologics.com)
2001-08-28 Customer Information Exposure (Webcertificate.com)
2001-08-23 Customer Information Exposure (MuchMusic)
2001-08-21 Infected by Code Red Worm (Hotmail)
2001-08-01 Insecure public service (Crimeseeker.com & eCertifications)
2001-07-06 Information Exposure (Government: Dept. of Commerce)
2001-07-06 Financial service compromised (S1)
2001-06-30 Subscriber Information Exposure (Excite@Home)
2001-06-13 Spyware (Creative Labs)
2001-05-25 Sold Customer Information (eTour)
2001-05-14 Backdoor in software (Microsoft)
2001-04-20 BT Exposes Customer Phone Records (BT Telecom)
2001-03-08 Newsletter alteration (Bloor Research)
2000-09-28 Talk21 Security breached/Email accounts compromised (BT Internet)
2000-05-01 Computer Reseller News/CMP, hostile responses to pointing out errors (CRN/CMP)
2000-04-18 Computer Reseller News/CMP engineers fail scripting 101 (CRN/CMP)
1998-09-28 Backdoor in software (iChat)
1998-05-01 Backdoor in software (ID Software)
1998-04-30 Backdoor in software (Blizzard)
1997-10-02 Unaware of existing security technology (Gartner Group)
19??-??-?? Gartner skewing numbers (Gartner Group)




Copyright 2005-2011 by Attrition.org. Permission is granted to quote, reprint or redistribute provided the text is not altered, and appropriate credit is given.