Spambot Contains ‘Mind-Boggling’ Amount of Email, SMTP Credentials

Researchers accessed the Onliner spambot and found 711 million records, including email addresses, email and password combinations, and SMTP credentials and configuration files.

Inside the Massive 711 Million Record Onliner Spambot Dump

Last week I was contacted by someone alerting me to the presence of a spam list. A big one. That’s a bit of a relative term though because whilst I’ve loaded “big” spam lists into Have I been pwned (HIBP) before, the largest to date has been a

Introducing 306 Million Freely Downloadable Pwned Passwords

Last week I wrote about Passwords Evolved: Authentication Guidance for the Modern Era with the aim of helping those building services which require authentication to move into the modern era of how we think about protecting accounts. In that post, I talked about NIST’s Digital Identity Guidelines which were recently

Introducing 306 Million Freely Downloadable Pwned Passwords

Edit: The following day, I loaded another set of passwords which has brought this up to 320M. More on why later on.

Last week I wrote about Passwords Evolved: Authentication Guidance for the Modern Era with the aim of helping those building services which require authentication to move into the

Pastes on Have I Been Pwned Are No Longer Publicly Listed

Over the weekend, a Have I Been Pwned (HIBP) subscriber contacted me after they found their Spotify credentials online. It turns out that this particular woman went searching for her specific password after finding “some guy listening to Mexican music from a foreign device on my acct”. In the search

Here are all the reasons I don’t make passwords available via Have I been pwned

Over the last few days, I’ve loaded more than 1 billion new records into Have I been pwned (HIBP). As I describe in that blog post, this data was from two very large “combo lists”, that is email address and password pairs created by malicious parties in order to help

Password reuse, credential stuffing and another billion records in Have I been pwned

The short version: I’m loading over 1 billion breached accounts into HIBP. These are from 2 different “combo lists”, collections of email addresses and passwords from all sorts of different locations. I’ve verified their accuracy (including my own record in one of them) and many hundreds of millions of the

Microsoft Flow + Azure Storage + WebJobs + MailChimp + Outlook

A few years back, I added a donations page to Have I been pwned (HIBP). Now as I explained at the time, I didn’t particularly need them to cover my hard-cash outgoings because I run the thing on a shoestring, but as I explain on that page, it takes a
