Unsecured database exposed diabetics’ sensitive data

Close to a million records belonging to senior citizens in the US were exposed – and since deleted – but included details such as health insurance providers and medical issues

Random thoughts on the use of breach data for protection of accounts

Someone sent me an email today which essentially boiled down to this:

Hey, Microsoft’s Azure Active Directory alerted me to leaked credentials but won’t give me any details so there’s very little I can do about it

This is a really interesting scenario and it relates to the way Microsoft

I just added another 140 data breaches to Have I been pwned

There’s a seemingly endless flood of data breaches these days. Pretty much every day I get sent dumps from somewhere or other, usually websites I’ve never heard of and often dating back to compromises from years ago. They vary in size from thousands of accounts to many millions – and

One million subscribers later, here’s the state of Have I been pwned

I hit a bit of a milestone last week with HIBP which I thought deserved a little celebration:

Sometime today, @haveibeenpwned broke through the 1M verified subscriber mark. Having a quiet champagne alone before flying home 😀🍾 pic.twitter.com/whIss3OXeO

— Troy Hunt (@troyhunt) February 2, 2017

A million verified

Introducing “fabricated” data breaches to Have I been pwned

I’ve written before about how I verify data breaches and discussed it at length in various conference talks. I take verification very seriously because misattribution can have serious consequences on the company involved, those in the alleged breach and indeed, on myself as well. To give you a sense of

The Ethereum forum was hacked and they’ve voluntarily submitted the data to Have I been pwned

The title says it all and the details are on their blog, but there’s still a lot to talk about. Self-submission to HIBP is not a new thing (TruckersMP was the first back in April), but it’s extremely unusual as here you have an organisation saying “we got hacked, we’d
