Pwned Passwords V3 is Now Live!

Over recent weeks, I’ve begun planning the release of the 3rd version of Pwned Passwords. If you cast your mind back, version 1 came along in August last year and contained 320M passwords. I made all the data downloadable as SHA-1 hashes (for reasons explained in that post) and stood…

The 111 Million Record Pemiblanc Credential Stuffing List

One of the most alarming trends I’ve seen in the world of data breaches since starting Have I Been Pwned (HIBP) back in 2013 is the rapid rise of credential stuffing attacks. Per the definition in that link, it simply means this:

Credential stuffing is the automated injection of breached

We’re Baking Have I Been Pwned into Firefox and 1Password

Pretty much every day, I get a reminder from someone about how little people know about their exposure in data breaches. Often, it’s after someone has searched Have I Been Pwned (HIBP) and found themselves pwned somewhere or other. Frequently, it’s some long-forgotten site they haven’t even thought about in…

Data Provided by the Estonian Central Criminal Police is Now Searchable on Have I Been Pwned

Running Have I Been Pwned (HIBP) has presented some fascinating insights into all sorts of aspects of how data breaches affect us; the impact on the individual victims such as you and I, of course, but also how they affect the companies involved and increasingly, the role of government and…

Pwned Passwords in Practice: Real World Examples of Blocking the Worst Passwords

Back in August, I pushed out a service as part of Have I Been Pwned (HIBP) to help organisations block bad passwords from their online things. I called it “Pwned Passwords” and released 320M of them from real-world data breaches via both a downloadable file and an online…

Welcoming the Spanish Government to Have I Been Pwned

A couple of months ago, I shared news of on-boarding the UK and Australian governments to Have I Been Pwned (HIBP). As I explained at the time, I wanted to provide the folks there with easy access to their respective government domains which meant providing them with the facility to…
