Collaborate Disseminate
1,000 breaches is one hell of a milestone. It’s not just the process of getting data, verifying it, loading it, sending notifications etc, it’s all the other stuff that goes into keeping the whole thing afloat. Legal docs. Trademarks. Accounting. Agreements. The most mind-numbingly boring
Today, we welcome the 46th government onboarded to Have I Been Pwned’s free gov service: the Philippines.
The Philippines’ National CERT, working with the Department of Information and Communications Technology, now has access to monitor official government domains against the data in HIBP. This gives their Cyber
Continue reading Welcoming the Philippine Government to Have I Been Pwned
Today, I loaded the 1,000th data breach into Have I Been Pwned. Reflecting on that milestone number, I pondered how to mark the occasion in writing, and what immediately came to mind was a very simple question: why is it still needed? Especially considering the emergence of privacy regulations
Continue reading 1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever
I’m finding it quite fascinating to watch the current spate of ShinyHunters breaches and dumps. There’s the obvious criminality of it all, but then there’s also the response from organisations (or lack thereof, as it relates to disclosure to victims), the appearance and disappearance
Today, we welcome the 45th government onboarded to Have I Been Pwned’s free gov service: Bhutan. The Bhutan Computer Incident Response Team, BtCIRT, now has access to monitor Bhutanese government domains against the data in HIBP. As Bhutan’s national CIRT, BtCIRT is responsible for consuming threat
Continue reading Welcoming the Bhutanese Government to Have I Been Pwned
Well, that didn’t last long! Recording this on Saturday morning my time, I observed ShinyHunters having gone quiet since the massive haul that would have been the Instructure ransom. It was two weeks almost to the hour since I’d first heard rumour of payment being made,
It’s a hot topic, the old “pay or don’t pay” for hackers not to leak your data. Since recording this a few days ago, we’ve had Grafana go with the “no pay” approach, and I’ve seen a raft
Today, we welcome the 44th government onboarded to Have I Been Pwned’s free gov service: The Bahamas. The National Computer Incident Response Team of The Bahamas, CIRT-BS, now has access to monitor government domains against the data in HIBP. As the national CIRT, CIRT-BS is responsible for coordinating
Continue reading Welcoming the Bahamian Government to Have I Been Pwned
Today, we welcome the 43rd government onboarded to Have I Been Pwned’s free gov service, Bangladesh. The BGD e-GOV CIRT department now has full access to query all their government domains via API, and monitor them against future breaches.
Bangladesh joins a growing list of national governments using
Continue reading Welcoming the Bangladesh Government to Have I Been Pwned
Today, we welcome the 42nd government onboarded to Have I Been Pwned’s free gov service: Costa Rica.
The CSIRT of the Government of Costa Rica now has access to monitor government domains against the data in HIBP. This enables their national cybersecurity incident response team to identify exposure
Continue reading Welcoming the Costa Rican Government to Have I Been Pwned