SecureWorld News

JANUARY 6, 2023

It appears the dataset was created in 2021, after a threat actor exploited a Twitter API vulnerability which allowed users to input emails and phone numbers to confirm whether they were associated with a Twitter ID. Twitter did fix this API vulnerability in January 2022, but the damage was already done. January 4, 2023.

Data breaches 87

Data breaches Accountability Cyber threats Hacking 87

Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. In part 2 , I covered IP addresses and the importance of a decent network to run all this stuff on, followed by Zigbee and the role of low power, low bandwidth devices.

IoT 358

IoT Firmware Risk Manufacturing 358

Lenny Zeltser

APRIL 16, 2020

SpiderFoot is a tool for gathering Open Source Intelligence (OSINT) and threat intelligence about IPs, domains, e-mail addresses, and other research targets from many data sources, including services such as Shodan and Have I Been Pwned. I used Ubuntu, though you can select another distro if you prefer.

DNS 112

DNS Internet Internet Software 112

Troy Hunt

FEBRUARY 4, 2024

Here goes: Last week, someone reached it to me with what they claimed was a Spoutible data breach obtained by exploiting an enumerable API. Just your classic case of putting someone else's username in the URL and getting back data about them, which at first glance I assumed was another scraping situation like we recently saw with Trello.

Passwords 363

Passwords Accountability Backups Data breaches 363

Troy Hunt

OCTOBER 27, 2022

Just over 3 years ago now, I sat down at a makeshift desk (ok, so it was a kitchen table) in an Airbnb in Olso and built the authenticated API for Have I Been Pwned (HIBP). The theory checked out, and now with the benefit of several years of data, I can confidently say abuse is near non-existent.

Authentication 293

Authentication Accountability Data breaches Internet 293

Troy Hunt

MAY 27, 2021

I've got 2 massive things to announce today that have been a long time in the works and by pure coincidence, have aligned such that I can share them together here today. One you would have been waiting for and one totally out of left field. of those have come direct from @Cloudflare 's cache too ??

Passwords 359

Passwords Accountability Cybercrime Authentication 359

Troy Hunt

APRIL 5, 2023

This breach has been flagged as "sensitive" which means it is not publicly searchable , rather you must demonstrate you control the email address being searched before the results are shown. We implement two factor authentication. Until this week, Genesis had been up and running for 4 years.

Marketing 340

Marketing Passwords Authentication Accountability 340

Troy Hunt

JUNE 25, 2018

Pretty much every day, I get a reminder from someone about how little people know about their exposure in data breaches. Often, it's after someone has searched Have I Been Pwned (HIBP) and found themselves pwned somewhere or other. ticketfly a heads up would have been nice.

Passwords 273

Passwords Data breaches Password Management Accountability 273

Troy Hunt

NOVEMBER 6, 2022

A couple of weeks ago I wrote about some big changes afoot for Have I Been Pwned (HIBP), namely the introduction of annual billing and new rate limits. Here goes: The Rate Limits and (Some) Pricing is Different The launch blog post for the authenticated API explained the original rationale behind the $3.50

Identity Theft 291

Identity Theft InfoSec Marketing Authentication 291

Troy Hunt

MARCH 29, 2018

In an era well before the birth of Have I Been Pwned (HIBP), I was doing a bunch of password analysis on data breaches and wouldn't you know it - people are terrible at creating passwords! I want to talk about why that is, what's changed and what the new partnership looks like. Then they get reused.

Password Management 265

Password Management Passwords Data breaches Retail 265

Troy Hunt

JANUARY 16, 2019

Most of them won't have a tech background or be familiar with the concept of credential stuffing so I'm going to write this post for the masses and link out to more detailed material for those who want to go deeper. This is the headline you're seeing as this is the volume of data that has now been loaded into Have I Been Pwned (HIBP).

Data breaches 280

Data breaches Passwords Password Management Accountability 280

Troy Hunt

JULY 19, 2018

So for example, when you have an Azure function and you deploy it under a consumption plan , you pay for per-second resource consumption (how much memory you use for how long) and the number of times it executes. I run it on a single S3 instance which costs $0.40 I run it on a single S3 instance which costs $0.40

DNS 129

DNS Passwords Firewall Authentication 129

Cisco Security

MAY 27, 2022

Meraki Scanning API Receiver by Christian Clasen . Have I Been Pwned. In part one of our Black Hat Asia 2022 NOC blog , we discussed building the network with Meraki: . From attendee to press to volunteer – coming back to Black Hat as NOC volunteer by Humphrey Cheung . CyberCrime Tracker. drakefollow[.]com.

Malware 82

Malware Accountability DNS Technology 82

Troy Hunt

MARCH 2, 2020

This is going to be a lengthy blog post so let me use this opening paragraph as a summary of where Project Svalbard is at : Have I Been Pwned is no longer being sold and I will continue running it independently. I was tired, alone, emotional and if I'm honest, at an all-time low. My bag hadn't made it.

Data breaches 339

Data breaches Marketing Cyber Insurance InfoSec 339