Collaborate Disseminate
I’ve been harbouring some thoughts about the state of data breaches over recent months, and I feel they’ve finally manifested themselves into a cohesive enough story to write down. Parts of this story relate to very sensitive incidents and parts to criminal activity, not just on
I just watched back a little segment from this week’s video and somehow landed at exactly the point where I said “I am starting to lose my patience with repeating the same thing over and over again” (about 46 mins if you want to skip to
Last week, a security researcher sent me 122GB of data scraped out of thousands of Telegram channels. It contained 1.7k files with 2B lines and 361M unique email addresses of which 151M had never been seen in HIBP before. Alongside those addresses were passwords and, in many cases, the
Continue reading Telegram Combolists and 361M Email Addresses
What a week! It was Ticketmaster that consumed the bulk of my time this week with the media getting themselves into a bit of a frenzy over a data breach that at the time of recording, still hadn’t even been confirmed. But as predicted in the video, confirmation
Today we loaded 16.5M email addresses and 13.5M unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they’ve coined Operation Endgame. That link provides an excellent overview so start there then come back to this blog
Ah, episode 401, the unauthorised one! Ok, that was terrible, but what’s not terrible is finally getting some serious dev resources behind HIBP. I touch on it in the blog post but imagine all the different stuff I have to spread myself across to run this thing, and
We often do that in this industry, the whole “1.0” thing, but it seems apt here. I started Have I Been Pwned (HIBP) in 2013 as a pet project that scratched an itch, so I never really thought of myself as an “employee”. Over time,
Continue reading Have I Been Pwned Employee 1.0: Stefán Jökull Sigurðarson
This is the 400th time I’ve sat down in front of the camera and done one of these videos. Every single week since the 23rd of September in 2016 regardless of location, health, stress and all sorts of other crazy things that have gone on in my life
The Post Millennial breach in this week’s video is an interesting one, most notably because of the presence of the mailing lists. Now, as I’ve said in every piece of communication I’ve put out on this incident, the lists are what whoever defaced the
How many different angles can you have on one data breach? Facial recognition (which probably isn’t actual biometrics), gambling, offshore developers, unpaid bills, extortion, sloppy password practices and now, an arrest. On pondering it more after today’s livestream, it’s the unfathomable stupidity of publishing