Clients of 0x00sec were informed that owing to a cyber assault, their S3 bucket holding database backups was made available to the public.
The S3 bucket contains usernames, email addresses, direct messages, salted PBKDF2 password hashes, and was open to the public for a total of 63 days.
The business claimed they were not aware of any actual misuse of client information and informed them as well as any other users who might have been impacted by the incident.
User data including plaintext usernames, email addresses, direct messages, profile information, and salted PBKDF2 password hashes are included in the material that was disclosed.
Source: https://0x00sec.org/t/0x00sec-security-incident-notification-september-30th-2020/23355
"id": "0X081319523",
"linkid": "0x00sec",
"type": "Cyber Attack",
"date": "07/2020",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"