Welcome to the New Have I Been Pwned Domain Search Subscription Service

This is a big one. A massive one. It’s the culmination of a solid 7 months of work that finally, as of now, is live. The full back story is in my blog post from mid-June about The Big 5 Announcements but to save you trawling through all

Have I Been Pwned Domain Searches: The Big 5 Announcements!

There are presently 201k people monitoring domains in Have I Been Pwned (HIBP). That’s massive! That’s 201k people that have searched for a domain, left their email address for future notifications when the domain appears in a new breach and successfully verified that they control the

Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and “Operation Cookie Monster”

A quick summary first before the details: This week, the FBI in cooperation with international law enforcement partners took down a notorious marketplace trading in stolen

How to get the pwned password list under Linux in the era of ‘PwnedPasswordsDownloader’? [closed]

I noticed that the direct download link to the whole list as an archive has vanished from the page at https://haveibeenpwned.com/Passwords.
It now refers to the PwnedPasswordsDownloader git-repo which offers a Windows dotNet Tool. But I …

To Infinity and Beyond, with Cloudflare Cache Reserve

What if I told you… that you could run a website from behind Cloudflare and only have 385 daily requests miss their cache and go through to the origin service?

No biggy, unless… that was out of a total of more than 166M requests in the same period:

Yep, we

Pwned Passwords Adds NTLM Support to the Firehose

I think I’ve pretty much captured it all in the title of this post but as of about a day ago, Pwned Passwords now has full parity between the SHA-1 hashes that have been there since day 1 and NTLM hashes. We always had both as a downloadable

Pwned or Bot

It’s fascinating to see how creative people can get with breached data. Of course there’s all the nasty stuff (phishing, identity theft, spam), but there are also some amazingly positive uses for data illegally taken from someone else’s system. When I first built Have

Data Breach Misattribution, Acxiom & Live Ramp

If you find your name and home address posted online, how do you know where it came from? Let’s assume there’s no further context given, it’s just your legitimate personal data and it also includes your phone number, email address… and over 400 other

The Have I Been Pwned API Now Has Different Rate Limits and Annual Billing

A couple of weeks ago I wrote about some big changes afoot for Have I Been Pwned (HIBP), namely the introduction of annual billing and new rate limits. Today, it’s finally here! These are two of the most eagerly awaited, most requested features on HIBP’s UserVoice
