The databases were stolen Attack.Databreach between 2011 to 2017 from widely visited forums providing information about Bitcoin mining and trading . The combined number of data stolen Attack.Databreach from these forums is more than 12,000,000 including 536,727accounts from MerlinsMagicBitcoin.com which suffered a data breach Attack.Databreach in January 2017 , 514,409 accounts from BitcoinTalk.org forum which was hacked Attack.Databreach in May 2015 , 568,357 stolen Attack.Databreach from BTC-E.com back in October 2014 , 21,439 accounts from BTC4Free.com which was hacked Attack.Databreach in January 2014 , 21,439 accounts from BTC4Free.com which was also hacked Attack.Databreach in January 2014 . 3,153 Bitcoin.Lixter.com which was breached Attack.Databreach in September 2014 , 1,780 BitLeak.net accounts stolen Attack.Databreach back in March 2014 , 28,298 DogeWallet.com accounts stolen Attack.Databreach in January 2014 , 61,011 MtGox.com stolen Attack.Databreach in June 2011 , 34,513 BitsCircle.com ( breach Attack.Databreach date unknown ) 10,855,376 BitcoinSec from 2014 breach Attack.Databreach and 3,149 accounts from TheBitcoinShop.pixub.com ( breach Attack.Databreach date unknown ) . In some cases , the passwords have been decrypted while some are using SHA1 hash which is easy to decrypt since Google security researchers have already broken the SHA-1 web security tool last month . The price set for this data is USD 400 ( BTC 0.3817 ) It must be noted that BitcoinTalk.org and BTC-E.com are two of the most important bitcoin related platforms having their data sold on the dark web since 2016 by several other vendors . However , we are not sure about rest of the platforms . Either way , if you have an account on any of the forums mentioned above change your password asap . Also , some of the forums discussed aren ’ t active anymore ; therefore , the relevance of their data is out of the question .

DocuSign , a major provider of electronic signature technology , acknowledged today that a series of recent malware phishing attacks Attack.Phishing targeting its customers and users was the result of a data breach Attack.Databreach at one of its computer systems . The company stresses that the data stolen Attack.Databreach was limited to customer and user email addresses , but the incident is especially dangerous because it allows attackers to target users who may already be expecting to click on links in emails from DocuSign . San Francisco-based DocuSign warned on May 9 that it was tracking Attack.Phishing a malicious email campaign where the subject line reads , “ Completed : docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature. ” The missives contained a link to a downloadable Microsoft Word document that harbored malware . The company said at the time that the messages were not associated with DocuSign , and that they were sent from Attack.Phishing a malicious third-party using DocuSign branding in the headers and body of the email . But in an update late Monday , DocuSign confirmed that this malicious third party was able to send Attack.Phishing the messages to customers and users because it had broken in and stolen Attack.Databreach DocuSign ’ s list of customers and users . “ As part of our ongoing investigation , today we confirmed that a malicious third party had gained temporary access Attack.Databreach to a separate , non-core system that allows us to communicate service-related announcements to users via email , ” DocuSign wrote in an alert posted to its site . “ A complete forensic analysis has confirmed that only email addresses were accessed Attack.Databreach ; no names , physical addresses , passwords , social security numbers , credit card data or other information was accessed Attack.Databreach . No content or any customer documents sent through DocuSign ’ s eSignature system was accessed Attack.Databreach ; and DocuSign ’ s core eSignature service , envelopes and customer documents and data remain secure. ” The company is asking people to forward any suspicious emails related to DocuSign to spam @ docusign.com , and then to delete the missives . “ They may appear suspicious because you don ’ t recognize the sender , weren ’ t expecting a document to sign , contain misspellings ( like “ docusgn.com ” without an ‘ i ’ or @ docus.com ) , contain an attachment , or direct you to a link that starts with anything other than https : //www.docusign.com or https : //www.docusign.net , ” reads the advisory . If you have reason to expect a DocuSign document via email , don ’ t respond to an email that looks like Attack.Phishing it ’ s from DocuSign by clicking a link in the message . When in doubt , access your documents directly by visiting docusign.com , and entering the unique security code included at the bottom of every legitimate DocuSign email . DocuSign says it will never ask recipients to open a PDF , Office document or ZIP file in an email . DocuSign was already a perennial target for phishers and malware writers , but this incident is likely to intensify attacks against its users and customers . DocuSign says it has more than 100 million users , and it seems all but certain that the criminals who stole Attack.Databreach the company ’ s customer email list are going to be putting it to nefarious use for some time to come .

GameStop customers received breach Attack.Databreach notification warnings this week , cautioning them that their personal and financial information could have been compromised Attack.Databreach nine months ago . According to postal letters sent to customers , GameStop said an undisclosed number of online customers had their credit card or bankcard data stolen Attack.Databreach , including the card numbers , expiration dates , names , addresses and the three-digit card verification values ( CVV2 ) . The breach Attack.Databreach occurred between Aug 10 , 2016 to Feb 9 , 2017 , according to GameStop . In April , the company publicly acknowledged the breach . But , it wasn ’ t until last week that affected customers were individually notified that their cards were likely stolen Attack.Databreach . “ I ’ m pretty upset at GameStop . I should have been notified when they knew about it in April , ” said GameStop customer Ryan Duff , a former cyber operations tactician at U.S. Cyber Command . As a security professional , he said he expected better of GameStop when it came to notifying him of a possible breach Attack.Databreach of his credit card information . Subsequently , Duff said , the card used on GameStop.com back in November had been compromised Attack.Databreach , according to his bank . “ There is no way it should have taken months to be notified , ” he said . Breach notification laws differ from state to state . But many states , such as Massachusetts , mandate victims be notified “ as soon as practicable and without unreasonable delay ” or the company may face civil penalties . The rules are there , in part , to allow for consumers to freeze accounts and avoid paying fees associated with having their card stolen . “ After receiving a report that data from payment card used on www.GameStop.com may have been obtained Attack.Databreach by unauthorized individuals , we immediately began an investigation and hired a leading cybersecurity firm to assist us , ” wrote J. Paul Raines , chief executive officer of GameStop in a letter dated June 2 that was sent sent to impacted customers . “ Although the investigation did not identify evidence of unauthorized access Attack.Databreach to payment card data , we determined on April 18 , 2017 that the potential for what to have occurred existed for certain transactions , ” he wrote . GameStop operates 7,500 retail stores and its consumer product network online includes GameStop.com , game site Kongregate.com and online retailer ThinkGeek . No retail customers were impacted by the breach , according to the company . “ GameStop identified and addressed a potential security incident that was related to transactions made on GameStop ’ s website during a specific period of time , ” the company said in a statement provided to Threatpost . “ GameStop mailed notification letters to customers who made purchases during that time frame advising them of the incident and providing information on steps they can take. ” Still unknown about the breach Attack.Databreach are how many customers may have been impacted , how was the data stolen Attack.Databreach and how was GameStop alerted to the fact the data had been stolen Attack.Databreach . In April , GameStop issued the statement : “ GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website. ” Krebs on Security reported in April that GameStop had received an alert from a credit card processor stating that its website was potentially comprised . Originally , it was believed that the breach Attack.Databreach involved GameStop retail stores and that the company ’ s point-of-sale system may have been infected with malware . That was because the breach Attack.Databreach occurred at the height of the holiday sales season and that stolen data included card verification values ( CVV2 ) . Online merchants are not supposed to store CVV2 codes on their e-commerce sites . However , since GameStop said no retail customers were impacted , it is now believed that GameStop.com was hacked and that the data was stolen Attack.Databreach through the use of malware . Over the past 12 months , there has been an unprecedented number of data breaches Attack.Databreach . Some of those impacted have been ecommerce sites running vulnerable versions of Magento and WordPress and ecommerce platforms Powerfront CMS and OpenCart . Criminals have used a number of techniques to siphon Attack.Databreach off credit card data from these sites ranging from compromised ecommerce plugins that can perform reflected XSS ( cross-site scripting ) attacks , web-based keyloggers , and DOM-based XSS attacks . Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script .