Backups InfoSec Passwords 
Troy Hunt
FEBRUARY 4, 2024
” This one, as far as infosec stories go, had me leaning and muttering like never before. That's not unprecedented, but this is: password: "$2y$10$B0EhY/bQsa5zUYXQ6J.NkunGvUfYeVOH8JM1nZwHyLPBagbVzpEM2", No way! Is that genuinely a bcrypt hash of my own password? Weak passwords like. "spoutible"
Security Affairs
JANUARY 25, 2021
Leaked data includes names, e-mails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, KYC details (PAN number, passport numbers) and deposit history. The researcher Rajshekhar Rajaharia analyzed the leaked data, it is a MongoDB database of 6GB that contains three backup files with BuyUcoin data.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
JUNE 30, 2024
That's a high-level generalisation, of course, but whether it's exploiting software vulnerabilities, downloading exposed database backups or phishing admin credentials and then grabbing the data, it's all in the same realm of taking something that isn't theirs. And sometimes, they contact me. A dropped VPN connection.
Troy Hunt
NOVEMBER 21, 2017
Obviously, the work I've been doing with Have I Been Pwned (HIBP) has given me a heap of insight into this specific area of infosec over the last 4 years and the folks from DC felt my views on things might be helpful. That was all great and I was happy to share my thoughts from the other side of the world.
Security Boulevard
APRIL 8, 2025
A SQL Server database backup for a ManageEngines ADSelfService Plus product had been recovered and, while the team had walked through the database recovery, SQL Server database encryption was in use. We see that BCryptHashData was used along with a password provided during the opening of the database masterkey.
Krebs on Security
DECEMBER 29, 2022
I seem to be doing most of that activity now on Mastodon , which appears to have absorbed most of the infosec refugees from Twitter, and in any case is proving to be a far more useful, civil and constructive place to post such things. For a variety of reasons, I will no longer be sharing these updates on Twitter. ” SEPTEMBER.
Malwarebytes
FEBRUARY 14, 2022
infosec #cybersecurity #threatintel #cyber #NFL pic.twitter.com/tl7OWM2Aqf — CyberKnow (@Cyberknow20) February 12, 2022. Version two of BlackByte does not have this flaw, so the 49ers will likely have to rely on backups to recover its affected systems. Smart marketing tbh. A timely FBI advisory.
Expert insights. Personalized for you.
364 
Let's personalize your content