The Post Millennial breach in this week's video is an interesting one, most notably because of the presence of the mailing lists. Now, as I've said in every piece of communication I've put out on...
How many different angles can you have on one data breach? Facial recognition (which probably isn't actual biometrics), gambling, offshore developers, unpaid bills, extortion, sloppy password pra...
Banks. They screw us on interest rates, they screw us on fees and they screw us on passwords. Remember the old "bank grade security" adage? I took this saying to task almost a decade ago now but...
"More Data Breaches Than You Can Shake a Stick At". That seems like a reasonable summary and I suggest there are two main reasons for this observation. Firstly, there are simply loads of breaches...
Data breach verification: that seems like a good place to start given the discussion in this week's video about Accor. Watch the vid for the whole thing but in summary, data allegedly taken from ...
I suggest, based on my experiences with data breaches over the years, that AT&T is about to have a very bad time of it. Class actions following data breaches have become all too common and I've w...
A serious but not sombre intro this week: I mentioned at the start of the vid that I had the classic visor hat on as I'd had a mole removed from my forehead during the week, along with another on...
Let's get straight to the controversial bit: email address validation. A penny-drop moment during this week's video was that the native browser address validator rejects many otherwise RFC compli...
I hate having to use that word - "alleged" - because it's so inconclusive and I know it will leave people with many unanswered questions. (EDIT: 12 days after publishing this blog post, it looks ...
https://www.troyhunt.com/inside-the-massive-alleged-att-data-breach/
I'm in Japan! Without tripod, without mic and having almost completely forgotten to do this vid, simply because I'm enjoying being on holidays too much 😊 It was literally just last night at di...
Over the last 6 years, we've been very happy to welcome dozens of national governments to have unhindered access to their domains in Have I Been Pwned , free from cost and manual verification bar...
https://www.troyhunt.com/welcoming-the-liechtenstein-government-to-have-i-been-pwned/
Let me begin by quoting Stefan during the livestream: "​​Turns out having tons of data integrity is expensive". Yeah, and working with tons of data in a fashion that's both fast and cost effe...
Back in 2018, we started making Have I Been Pwned domain searches freely available to national government cybersecurity agencies responsible for protecting their nations' online infrastructure . ...
https://www.troyhunt.com/welcoming-the-german-government-to-have-i-been-pwned/
How on earth are we still here? You know, that place where breached companies stand up and go all Iraqi information minister on the incident as if somehow, flatly denying the blatantly obvious w...
It's just been a joy to watch the material produced by the NCA and friends following the LockBit takedown this week. So much good stuff from the agencies themselves, not just content but high qua...