Troy Hunt

How I Got Pwned by My Cloud Costs

Troy Hunt

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before.

Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!

Troy Hunt

In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned's (HIBP's) Pwned Password API. 99.7%

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Weekly Update 279

Troy Hunt

It's mostly breaches this week and that's mostly business as usual, except for one. I didn't know whether I should speak about the one that frankly, upset me, but I felt it would be somewhat disingenuous not to.

Retail 197

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

Troy Hunt

I was having a coffee with a good mate the other day. He's not a techie (he runs a pizza restaurant), but somehow, we ended up talking about passwords.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

When is a Scrape a Breach?

Troy Hunt

A decade and a bit ago during my tenure at Pfizer, a colleague's laptop containing information about customers, healthcare providers and other vendors was stolen from their car.

Weekly Update 277

Troy Hunt

Well that all changed very quickly. One week ago, I was like "I'm going to do this video from somewhere really epic next week" A few hours after that video, the host of the drinks we'd gone to over the road the day before told us she had symptoms.

205
205

Welcoming the Turkish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the national Turkish CERT to Have I Been Pwned, TR-CERT or USOM, the National Cyber ​​Incident Response Center. They are now the 26th government to have complete and free API level access to query their government domains.

Weekly Update 278

Troy Hunt

I recorded this a week after Charlotte appeared with me, fresh out of isolation with a negative COVID test. However. 9 year old Elle had tested positive on Monday (albeit entirely symptomatic, so no idea how long she'd been positive) but hey, hopefully she'd be clear today.

169
169

Why No HTTPS? The 2021 Version

Troy Hunt

More than 3 years ago now, Scott Helme and I launched a little project called Why No HTTPS? It listed the world's largest websites that didn't properly redirect insecure requests to secure ones.

VPN 278

Pwned - The Collected Blog Posts of Troy Hunt (Preview)

Troy Hunt

We choose this photo for the cover because this was when it all started. 18-year old Troy, having just discovered the web in early 1995 and chomping at the bit to do something with it.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Your Work Email Address is Your Work's Email Address

Troy Hunt

When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read.

Welcoming the Czech Republic Government to Have I Been Pwned

Troy Hunt

For the last few years, I've been welcome national governments to Have I Been Pwned (HIBP) and granting them full and free access to domain-level searches via a dedicated API.

You Don't Need to Burn off Your Fingertips (and Other Biometric Authentication Myths)

Troy Hunt

111 years ago almost to the day, a murder was committed which ultimately led to the first criminal trial to use fingerprints as evidence.

Weekly Update 270

Troy Hunt

I'm outdoors! I've really wanted to get my mobile recording setup slick for some time now and after a bunch of mucking around with various mics (and a bit of "debugging in production" during this video), I'm finally really happy with it.

Welcoming the Dutch Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the Dutch government to HIBP, marking 24 national CERTs that now have full and free access to API level domain searches.

The Internet of Things is a Complete Mess (and how to Fix it)

Troy Hunt

I've spent more time IoT'ing my house over the last year than any sane person ever should. But hey, it's been strange times for all of us and it's kept me entertained whilst no longer travelling.

Weekly Update 276

Troy Hunt

2021 Dumpster fire? Harsh, but fair and I shall keep this 3D-printed reminder handy and hope I don't end up needing to print a 2022 version! So many times throughout this week's video I came back to that theme.

Weekly Update 275

Troy Hunt

I'd say this is probably the most epic scene I've ever done one of these videos from and equally, the main topic of the day around Pwned Passwords and the work done with the FBI and NCA is the most epic thing I've done for a very long time.

Nameless Malware Discovered by NordLocker is Now in Have I Been Pwned

Troy Hunt

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP).

Welcoming the Finnish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the Finnish government to Have I Been Pwned by granting their National Cyber Security Centre full and free access to query their government domains.

Welcoming the Israeli Government to Have I Been Pwned

Troy Hunt

Marking the 25th national CERT to have full and free API level access to in HIBP, I'm very happy to welcome CERT-IL in the Israel National Cyber Directorate (INCD) on board.

Pwned Passwords, Open Source in the.NET Foundation and Working with the FBI

Troy Hunt

I've got 2 massive things to announce today that have been a long time in the works and by pure coincidence, have aligned such that I can share them together here today. One you would have been waiting for and one totally out of left field.

Weekly Update 246

Troy Hunt

This week has been absolutely dominated by code contributions to Pwned Passwords. This is such an awesome, humbling experience that so many people have wanted to contribute their time to something that makes online life better for all of us.

Welcoming the Swedish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the 16th government to Have I Been Pwned, Sweden.

Welcoming the Slovak Republic Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the 23rd national government to Have I Been Pwned, the Slovak Republic. As of now, CSIRT.sk has full and free access to query all their government domains via an API that returns all their email addresses impacted by each data breach in HIBP.

Welcoming the Trinidad & Tobago Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the first Caribbean government to Have I Been Pwned, Trinidad & Tobago.

Weekly Update 256

Troy Hunt

Well this week went on for a bit, an hour and 6 mins in all. The 2 Apple things were particularly interesting due to the way in which both catching CSAM baddies and catching baddies who steal your things involves using technology that can be abused. Is it good tech because it can do good things?

Weekly Update 253

Troy Hunt

This week, by popular demand, it's Charlotte! Oh - and Scott. People had been asking for Charlotte for a while, so we finally decided to do a weekly update together on how she's been transitioning from Mac to PC.

IoT 253

Expanding the Have I Been Pwned Volunteer Community

Troy Hunt

Ever notice how there was a massive gap of almost 9 months between announcing the intention to start open sourcing Have I Been Pwned (HIBP) in August last year and then finally a couple of weeks ago, actually taking the first step with Pwned Passwords ?

The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned

Troy Hunt

The headline is pretty self-explanatory so in the interest of time, let me just jump directly into the details of how this all works.

I Now Own the Coinhive Domain. Here's How I'm Fighting Cryptojacking and Doing Good Things with Content Security Policies.

Troy Hunt

If you've landed on this page because you saw a strange message on a completely different website then followed a link to here, drop a note to the site owner and let them know what happened.

Welcoming the Romanian Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to announce the arrival of the 15th government to Have I Been Pwned, Romania. As of now, CERT-RO has access to query all Romanian government domains across HIBP and subscribe them for future notifications when subsequent data breaches affect aliases on those domains.

Weekly Update 264

Troy Hunt

A lot of cyber things this week: loads of data breach (or "scrape", In LinkedIn's case) incidents, Windows 11 upgrade experiences and then bricking my house courtesy of a Home Assistant update that fundamentally changed the Tuya integration.

Weekly Update 273

Troy Hunt

Geez, I'm a bit orange today! I think mucking around with the (excepti0nally cool!) moon lamp towards the beginning of this video threw the colours off a bit.

Weekly Update 271

Troy Hunt

It's been a busy week with lots of little bits and pieces demanding my attention. Coding, IoT'ing, 3D printing and a milestone academic event for Ari: Primary school - done!

Welcoming the Belgian Government to Have I Been Pwned

Troy Hunt

Supporting national CERTs with free API domain searches across their assets is becoming an increasing focus for Have I Been Pwned and today I'm happy to welcome the 19th government on board, Belgium.

Weekly Update 269

Troy Hunt

Where does the time go? The video is an hour and 35 mins today, I suspect in part because I've done it on a Saturday morning with a bit more time to spare and, well, there was just a lot of stuff happening.

Weekly Update 272

Troy Hunt

Check out that lighting! The Elgato Key Lights have made a massive difference and they're easily controlled via their Stream Deck or the Home Assistant integration.

Weekly Update 258

Troy Hunt

A really brief intro as this is my last key strokes before going properly off the grid for the next week (like really off the grid, middle of nowhere style).

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Troy Hunt

Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol rereferred to as the world's most dangerous malware: Emotet.

Weekly Update 248

Troy Hunt

Thought I'd do a bit of AMA this week given the rest of the content was a bit lighter. If you like this sort of content then I'll try and be a bit more organised next time, give some notice and make more of an event out of it.

IoT 251