Hackers Sell Data from 26 Million LiveJournal Users on Dark Web
Passwords and other credentials have been listed on Have I Been Pwned as attack rumors circulate. Continue reading Hackers Sell Data from 26 Million LiveJournal Users on Dark Web
I’m currently working on understanding and contemplating implementing password strength validation for sign-ups in my app, to include checking haveibeenpwned if the entered password is compromised elsewhere.
I understand the process involves … Continue reading Is this (explained in body) a possible attack vector when using haveibeenpwned API?
I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. It’s about a data breach with almost 90GB of personal information in it across tens of millions of records – including mine. Here’s what I know:
When a database is breached and my password and email have been leaked, I can go onto Have I Been Pwned? and I can see that my password has been leaked. But why wouldn’t the service send out an email notifying me of my leaked password WITHO… Continue reading Why don’t services like Have I Been Pwned send email if you haven’t signed up?
Hot on the heels of onboarding the USA government to Have I Been Pwned last month, I’m very happy to welcome another national government – Iceland! As of today, Iceland’s National Computer Security Incident Response Team (CERT-IS), now has access to the full gamut of their gov domains for both
Continue reading Welcoming the Icelandic Government to Have I Been Pwned
Over the last 2 years I’ve been gradually welcoming various governments from around the world onto Have I Been Pwned (HIBP) so that they can have full and unfettered access to the list of email addresses on their domains impacted by data breaches. Today, I’m very happy to announce the
Continue reading Welcoming the USA Government to Have I Been Pwned
Subject: Data Breach of [your service] Hi, my name is Troy Hunt and I run the ethical data breach notification service known as Have I Been Pwned: https://haveibeenpwned.com People regularly send me data from compromised systems which are being traded amongst individuals who collect breaches. Recently, a collection
Continue reading There is a Serious Lack of Corporate Responsibility During Breach Disclosures
Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense). All sorts of organisations are employing the service to keep passwords from
Continue reading Enhancing Pwned Passwords Privacy with Padding
Troy Hunt said the popular HIBP will continue to be run as an independent service. Continue reading Have I Been Pwned No Longer For Sale
This is going to be a lengthy blog post so let me use this opening paragraph as a summary of where Project Svalbard is at: Have I Been Pwned is no longer being sold and I will continue running it independently. After 11 months of a very intensive process culminating
Continue reading Project Svalbard, Have I Been Pwned and its Ongoing Independence