Collaborate Disseminate
I’ve spent more than a decade now writing about how to make Have I Been Pwned (HIBP) fast. Really fast. Fast to the extent that sometimes, it was even too fast:
The response from each search was coming back so quickly that the user wasn’t sure
Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I knew I’d seen a metric about this sometime recently, so I went looking for “7,000”, which perfectly illustrates how unaware we are of the
Continue reading Inside the DemandScience by Pure Incubation Data Breach
The conundrum I refer to in the title of this post is the one faced by a breached organisation: disclose or suppress? And let me be even more specific: should they disclose to impacted individuals, or simply never let them know? I’m writing this after many recent such
TL;DR — Tens of millions of credentials obtained from info stealer logs populated by malware were posted to Telegram channels last month and used to shake down companies for bug bounties under the misrepresentation the data originated from their service.
How many attempted scams do you get each day?
Continue reading Begging for Bounties and More Info Stealer Logs
Last week, a security researcher sent me 122GB of data scraped out of thousands of Telegram channels. It contained 1.7k files with 2B lines and 361M unique email addresses of which 151M had never been seen in HIBP before. Alongside those addresses were passwords and, in many cases, the
Continue reading Telegram Combolists and 361M Email Addresses
Today we loaded 16.5M email addresses and 13.5M unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they’ve coined Operation Endgame. That link provides an excellent overview so start there then come back to this blog
We often do that in this industry, the whole “1.0” thing, but it seems apt here. I started Have I Been Pwned (HIBP) in 2013 as a pet project that scratched an itch, so I never really thought of myself as an “employee”. Over time,
Continue reading Have I Been Pwned Employee 1.0: Stefán Jökull Sigurðarson
I hate having to use that word – “alleged” – because it’s so inconclusive and I know it will leave people with many unanswered questions. But sometimes, “alleged” is just where we need to begin and over the course of time, proper attribution is
Continue reading Inside the Massive Alleged AT&T Data Breach
I’ve always thought of it a bit like baseball cards; a kid has a card of this one player that another kid is keen on, and that kid has a card the first one wants so they make a trade. They both have a bunch of cards they&
so I checked my passwords with the Google Password Manager integrated into Chrome.
Google shows me Passwords as "hacked" that https://haveibeenpwned.com/Passwords says are fine, and also Google lists Passwords as okay/weak that h… Continue reading Google Password Manager vs Have I Been Pwned [closed]