Data breaches all over the place this week! Not just data breaches, but noteworthy data breaches; the VPN ones for being pretty shady, Oxfam because it included my data which was posted to a hacking forum, Ticketcounter because of the interactions I had with them during the disclosure process and Gab because, well, everything about Gab is always weird. The CEO's behaviour is just appalling and that seems to trickle down to many of the users too, including some who joined in the live stream. But hey, it's giving me amazing conference material and some of the stuff from the last couple of days is just so good, I'm going to save it for when I can actually present it in front of a live audience and watch the gasps at just how batshit crazy it is 🙂
References
- Home Assistant is checking secrets in the config file against Pwned Passwords (HA is one of my favourite things, so happy to see this!)
- SuperVPN and GeckoVPN are kinda shady VPN services that both got themselves pwned (they appear to share the same underlying DB)
- The Oxfam charity in Australia was also pwned (including my personal data, which was used as a "proof" of the breach on a hacking forum)
- Ticketcounter in the Netherlands was pwned too (as I say in the video, it's always interesting speaking to people inside organisations dealing with a breach, it gives me a much more human perspective on things)
- Gab was really pwned (including my own personal account, for which I'm still waiting to receive my breach notification)
- Sponsored by MEGA - The world's largest provider of zero-knowledge E2EE cloud storage plus chat. Join 200m others who enjoy privacy - try MEGA for free.