Collaborate Disseminate
Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. This wasn’t so much an original work on my behalf as it was a consolidation of advice from the likes of NIST, the NCSC and Microsoft about how we should be doing
Early last year, I announced that I was making HIBP data on government domains for the UK and Australia freely accessible to them via searches of their respective TLDs. The Spanish government followed a few months later with each getting unbridled access to search their own domains via an authenticated
Continue reading Welcoming the Austrian Government to Have I Been Pwned
As the mergers and acquisitions activity in the cybersecurity industry continues at a feverish pace, one of its more consumer-friendly brands — the breach-notification database Have I Been Pwned — is hoping for a new home. Have I Been Pwned, a website where visitors can check if their email address has been compromised, is exploring a sale, founder Troy Hunt revealed in a blog post Tuesday. Since its debut in 2013 the site has won praise as a uniquely free and user-friendly way for individuals to get information about incidents. Nearly 3 million people have subscribed to its breach notifications, and 120,000 individuals use it to monitor web domains. Now, Hunt says he will be working with the mergers and acquisitions team at the professional service firm KPMG to search for a potential buyer. He’s calling the process Project Svalbard — an allusion to a massive bank of plant seeds in Norway. “[I]’m already […]
The post Have I Been Pwned enlists KPMG to find a buyer appeared first on CyberScoop.
Continue reading Have I Been Pwned enlists KPMG to find a buyer
Back in 2013, I was beginning to get the sense that data breaches were becoming a big thing. The prevalence of them seemed to be really ramping up as was the impact they were having on those of us that found ourselves in them, myself included. Increasingly, I was writing
Continue reading Project Svalbard: The Future of Have I Been Pwned
A security incident at Emuparadise, a website where users can play classic video games, has exposed information belonging to 1.1 million accounts, according to breach-tracking site Have I Been Pwned. An April 2018 breach on the vBulletin forum section of Emuparadise resulted in the compromising of 1.1 million email addresses, IP addresses, and username and passwords as salted MD5 hashes, according to a Have I Been Pwned announcement. The data was provided to Have I Been Pwned by DeHashed.com, which tracks when user credentials are exposed in large data breaches. The 19-year-old Emuparadise has called itself “the biggest retro gaming website on Earth” by offering nostalgia-laced titles that debuted on old consoles like the Nintendo 64, Super Nintendo, Sega Genesis and others. Few details about the incident immediately were available, though Bleeping Computer reports that the data was for sale on the dark web dating back to January 2019, when it was […]
The post More than 1 million accounts from retro gaming site Emuparadise compromised appeared first on CyberScoop.
Continue reading More than 1 million accounts from retro gaming site Emuparadise compromised
The Threatpost editors discuss the highlights from Infosecurity Europe, which took place in London this week. Continue reading News Wrap: Infosecurity Europe Highlights and BlueKeep Anxiety
Poor password hygiene continues to plague the security industry, Troy Hunt said during Infosecurity Europe. Continue reading Troy Hunt: ‘Messy’ Password Problem Isn’t Getting Better
I have been hearing more and more that the haveibeenpwned password list is a good way to check if a password is strong enough to use or not.
I am confused by this. My understanding is that the haveibeenpwned list comes from … Continue reading Is using haveibeenpwned to validate password strength rational?
HIBP is a great service that I’ve been using for a long time.
I had a question surrounding Domain Search feature on HIBP. I believe there has to be some form of verification from our end in order to search for breached accou… Continue reading Have I Been Pwned Breached Email List by Domain Names
I have just started to explore HIBP to check whether we can use HIBP in our public facing interfaces.
AS per my read I have 3 options to check out.
Download the password dictionary and implement my own breached password ch… Continue reading Is haveibeenpwned (HIBP) free and reliable?