Cyber Security Informer

Search:

DAY

WEEK

MONTH

YEAR

Apr 13 - Apr 19

Apr 06 - Apr 12

Mar 30 - Apr 05

Mar 23 - Mar 29

MORE

MORE

MORE

MORE

Select your country:
Sign up | Log in

downloading-pwned-passwords-hashes-with-the-hibp-downloader

article thumbnail

How I Got Pwned by My Cloud Costs

Troy Hunt

JANUARY 23, 2022

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before. Something else?

Passwords Accountability Firewall Risk

article thumbnail

Enhancing Pwned Passwords Privacy with Padding

Troy Hunt

MARCH 4, 2020

Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense). They could be searching for any password whose SHA-1 hash begins with those characters. Very slick!

Passwords Data breaches Risk Encryption

Join 29,000+

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

article thumbnail

Pwned Passwords, Version 5

Troy Hunt

JULY 8, 2019

Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. Shortly after that blog post I launched Pwned Passwords with 306M passwords from previous breach corpuses. 3,768,890 passwords.

Passwords Accountability Authentication Data breaches

article thumbnail

Home Assistant, Pwned Passwords and Security Misconceptions

Troy Hunt

MARCH 10, 2021

Two of my favourite things these days are Have I Been Pwned and Home Assistant. Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. So, it was with great pleasure that I saw the two integrated recently: always something.

Passwords IoT Password Management Data breaches

article thumbnail

Downloading Pwned Passwords Hashes with the HIBP Downloader

Troy Hunt

MAY 19, 2022

Just before Christmas, the promise to launch a fully open source Pwned Passwords fed with a firehose of fresh data from the FBI and NCA finally came true. The idea of taking 16^5 hash ranges, bundling them all up into a single monolithic archive then making it all downloadable seemed a non-trivial task.

article thumbnail

When is a Scrape a Breach?

Troy Hunt

DECEMBER 15, 2021

Someone stumbled across it, downloaded it and then sent it to me. No security controls were breached by the person who downloaded it, they simply accessed a publicly available file. The machine had full disk encryption and it's not known whether the thief was ever actually able to access the data. Is this a data breach?

Data breaches Hacking Passwords Accountability

article thumbnail

No, Spotify Wasn't Hacked

Troy Hunt

JANUARY 8, 2019

Very often, those addresses are accompanied by other personal information such as passwords. When an HIBP subscriber's address appears in one of these incidents, they get an automated notification and often, it seems, they then reach out to me. No, and the passwords are the very first thing that starts to give it all away.

Hacking

Hacking Passwords Accountability Data breaches

article thumbnail

Retro video game website Emuparadise suffered a data breach

Security Affairs

JUNE 10, 2019

Emuparadise is a website that offers tons of roms, isos and retro video games, users can download and play them with an emulator or play them with the web browser. Over the weekend, some Emuparadise forum members reported to have received data breach notification notices from the popular services Have I Been Pwned and HackNotice.

Data breaches Advertising Cybercrime Passwords

article thumbnail

Pwned Passwords, Open Source in the.NET Foundation and Working with the FBI

Troy Hunt

MAY 27, 2021

Both these announcements are being made at a time where Pwned Passwords is seeing unprecedented growth: Getting closer and closer to the 1B requests a month mark for @haveibeenpwned 's Pwned Passwords. One you would have been waiting for and one totally out of left field. This is where the.NET Foundation comes in.

Passwords Accountability Cybercrime Authentication

article thumbnail

Do Something Awesome with Have I Been Pwned and Win a Lenovo ThinkPad!

Troy Hunt

OCTOBER 24, 2017

It also had to be something that other people could use to achieve that objective which brings me to the Have I Been Pwned (HIBP) API. It also had to be something that other people could use to achieve that objective which brings me to the Have I Been Pwned (HIBP) API. Scroll down to the bottom for the result.

Passwords Data breaches Accountability Education

article thumbnail

Inside the Cit0Day Breach Collection

Troy Hunt

NOVEMBER 19, 2020

The hard bit for me is figuring out whether it's pwn-worthy enough to justify loading it into Have I Been Pwned (HIBP) or if it's just more noise that ultimately doesn't really help people make informed decisions about their security posture. lines comprised of email address and MD5 hash pairs.

Passwords Password Management Accountability Risk

article thumbnail

Understanding Have I Been Pwned's Use of SHA-1 and k-Anonymity

Troy Hunt

JUNE 30, 2022

Four and a half years ago now, I rolled out version 2 of HIBP's Pwned Passwords that implemented a really cool k-anonymity model courtesy of the brains at Cloudflare. Actually, the multiple problems, the first of which is that it's just way too fast for storing user passwords in an online system.

Passwords Identity Theft Consumer Services Password Management

article thumbnail

Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!

Troy Hunt

DECEMBER 19, 2021

In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned's (HIBP's) Pwned Password API. It looks like this: There are all sorts of amazing Pwned Passwords use cases out there.

Passwords Cybercrime Accountability Risk

article thumbnail

Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"

Troy Hunt

APRIL 5, 2023

This can be done via the free notification service on HIBP and involves you entering the email address then clicking on the link sent to your inbox. This can be done via the free notification service on HIBP and involves you entering the email address then clicking on the link sent to your inbox. We block known breached passwords.

Marketing Passwords Authentication Accountability

article thumbnail

I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download

Troy Hunt

FEBRUARY 21, 2018

Last August, I launched a little feature within Have I Been Pwned (HIBP) I called Pwned Passwords. This was a list of 320 million passwords from a range of different data breaches which organisations could use to better protect their own systems. Here's what it's all about: There's Now 501,636,842 Pwned Passwords.

Passwords Data breaches Mobile Risk

article thumbnail

I Wanna Go Fast: Why Searching Through 500M Pwned Passwords Is So Quick

Troy Hunt

FEBRUARY 27, 2018

When I launched Pwned Passwords V2 last week , I made it fast - real fast - and I want to talk briefly here about why that was important, how I did it and then how I've since shaved another 56% off the load time for requests that hit the origin. Why Speed Matters for Pwned Passwords. Then the server can warn the user.

Passwords Internet Internet Architecture

article thumbnail

The 773 Million Record "Collection #1" Data Breach

Troy Hunt

JANUARY 16, 2019

Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows. In total, there are 1,160,253,228 unique combinations of email addresses and passwords. This is when treating the password as case sensitive but the email address as not case sensitive. There are 21,222,975 unique passwords. It'll be 99.x%

Data breaches Passwords Password Management Accountability

article thumbnail

The Race to the Bottom of Credential Stuffing Lists; Collections #2 Through #5 (and More)

Troy Hunt

FEBRUARY 11, 2019

The 773 Million Record "Collection #1" Data Breach On Thursday 17 Jan, I loaded 773M records into Have I Been Pwned (HIBP) which I titled "Collection #1". The 773 Million Record "Collection #1" Data Breach On Thursday 17 Jan, I loaded 773M records into Have I Been Pwned (HIBP) which I titled "Collection #1". There were 2.7B

Passwords Data breaches Media InfoSec

article thumbnail

I've Just Added 2,844 New Data Breaches With 80M Records To Have I Been Pwned

Troy Hunt

FEBRUARY 26, 2018

tl;dr - a collection of nearly 3k alleged data breaches has appeared with a bunch of data already proven legitimate from previous incidents, but also tens of millions of addresses that haven't been seen in HIBP before. It then links directly through to 8.8GB worth of easily downloadable data breaches, all obtainable in a single ZIP file.

Data breaches Passwords Accountability Password Management

article thumbnail

2018 Retrospective

Troy Hunt

JANUARY 3, 2019

I guess it's maintained its traction due it being referenced in the HIBP description and there being a huge number of people finding themselves pwned. I guess it's maintained its traction due it being referenced in the HIBP description and there being a huge number of people finding themselves pwned. I love this post.

Passwords Technology Government InfoSec

article thumbnail

Making Light of the "Dark Web" (and Debunking the FUD)

Troy Hunt

FEBRUARY 14, 2018

It's probably a scary image, one that's a bit mysterious, a shady character lurking in the hidden depths of the internet. People have this image in their mind because that's what they've been conditioned to believe: These are the images that adorn the news pieces we read and we've all seen them before. See that bloke in the bottom right?

Data breaches Passwords Marketing Hacking

article thumbnail

Gab Has Been Breached

Troy Hunt

MARCH 3, 2021

I've investigated hundreds of data breaches over the years (there are 514 of them in Have I Been Pwned as I write this), and for the most part, the situation with Gab is just another day on the internet. More specifically, I care about the data that's been exposed in the breach, especially when that data may include my own (I'm very serious).

Passwords Data breaches InfoSec Risk