Collaborate Disseminate
One of the things I’m finding with running Have I been pwned (HIBP) is that over time, my approach is changing. Nothing dramatic thus far, usually just what I’d call “organic” corrections in direction and usually in response to things I’ve learned, industry events or changes in the way people
Continue reading Have I been pwned and spam lists of personal information
Let me make it crystal clear in the opening paragraph: this incident is not about any sort of security vulnerability on GitHub’s behalf, rather it relates to a trove of data from their site which was inappropriately scraped and then inadvertently exposed due to a vulnerability in another service. My
I have multiple Yahoo data breaches. I have a Twitter data breach. I have Facebook data breaches. I know they are data breaches from those sources because people told me they are, ergo, they’re data breaches. Except they’re not – they’re all fake. Problem is though, fake data breaches don’t
Continue reading Data breach claims are often poorly researched, unsubstantiated and ultimately fake
We’re now going on almost 3 years since I introduced the Have I been pwned (HIBP) API. In fact it was one of the first things I did after creating HIBP in the first place because I wanted to make the data as accessible as possible and create an ecosystem
Continue reading The public Have I been pwned API now has a Creative Commons Attribution license
I wrote recently about how Have I been pwned (HIBP) had an API rate limit introduced and then brought forward which was in part a response to large volumes of requests against the API. It was causing sudden ramp ups of traffic that Azure couldn’t scale fast enough to meet
Another day, another hack originating from poorly maintained vBulletin software. Continue reading Nearly 800,000 Brazzers Porn Site Accounts Exposed in Forum Hack
Three weeks ago today, I wrote about implementing a rate limit on the Have I been pwned (HIBP) API and the original plan was to have it begin a week from today. I want to talk more about why the rate limit was required and why I’ve had to bring
Continue reading The “Have I been pwned” API rate limit has been brought forward – here’s why
Earlier today, Motherboard reported on what had been rumoured for some time, namely that Dropbox had been hacked. Not just a little bit hacked and not in that “someone has cobbled together a list of credentials that work on Dropbox” hacked either, but proper hacked to the tune of 68
It’s almost 3 years ago now that I launched the Have I been pwned (HIBP) API and made it free and unlimited. No dollars, no rate limits just query it at will and results not flagged as sensitive will be returned. Since then it’s been called, well, I don’t know
Continue reading The “Have I been pwned” API, rate limiting and commercial use
This question in the title of this post comes up after pretty much every data breach I load so I thought I’d answer it here once and for all then direct inquisitive Have I been pwned (HIBP) users when confusion ensues in the future. Let me outline a number of
Continue reading Why am I in a data breach for a site I never signed up to?