Another consumer-grade spyware operation was hacked in June 2024, which exposed thousands of Apple Account credentials. © 2024 TechCrunch. All rights reserved. For personal use only.
Category: Have I Been Pwned
Global Security News, Have I Been Pwned
Soft-Launching and Open Sourcing the Have I Been Pwned Rebrand
Designing the first logo for Have I Been Pwned was easy: I took a SQL injection pattern, wrote “have i been pwned?” after it and then, just to give it a touch of class, put a rectangle with rounded corners around it: Job done! I mean really, what more did I need for a pet…
Global Security News, Have I Been Pwned
We’re Backfilling and Cleaning Stealer Logs in Have I Been Pwned
I think I’ve finally caught my breath after dealing with those 23 billion rows of stealer logs last week. That was a bit intense, as is usually the way after any large incident goes into HIBP. But the confusing nature of stealer logs coupled with an overtly long blog post explaining them and the conflation…
Android, Apple, Exclusive, Global IT News, Global Security News, Have I Been Pwned, iPad, iPhone, Security, Spyware, stalkerware
Spyzie stalkerware is spying on thousands of Android and iPhone users
Another little-known phone monitoring outfit has quietly amassed half a million customers, whose email addresses are now in Have I Been Pwned. © 2024 TechCrunch. All rights reserved. For personal use only.
Exploits, Global Security News, Have I Been Pwned
Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs
I like to start long blog posts with a tl;dr, so here it is: We’ve ingested a corpus of 1.5TB worth of stealer logs known as “ALIEN TXTBASE” into Have I Been Pwned. They contain 23 billion rows with 493 million unique website and email address pairs, affecting 284M unique email addresses. We’ve also added…
Global Security News, Have I Been Pwned
Experimenting with Stealer Logs in Have I Been Pwned
TL;DR — Email addresses in stealer logs can now be queried in HIBP to discover which websites they’ve had credentials exposed against. Individuals can see this by verifying their address using the notification service and organisations monitoring domains can pull a list back via a new API. Nasty stuff, stealer logs. I’ve written about them and…
Book, Global Security News, Have I Been Pwned
“Pwned”, The Book, Is Now Available for Free
Nearly four years ago now, I set out to write a book with Charlotte and RobIt was the stories behind the stories, the things that drove me to write my most important blog posts, and then the things that happened afterwards. It’s almost like a collection of meta posts, each one adding behind-the-scenes commentary that…
Azure, CloudFlare, Emerging Tech, Global Security News, Have I Been Pwned
Closer to the Edge: Hyperscaling Have I Been Pwned with Cloudflare Workers and Caching
I’ve spent more than a decade now writing about how to make Have I Been Pwned (HIBP) fast. Really fast. Fast to the extent that sometimes, it was even too fast: The response from each search was coming back so quickly that the user wasn’t sure if it was legitimately checking subsequent addresses they entered…
Exploits, Global Security News, Have I Been Pwned
Inside the DemandScience by Pure Incubation Data Breach
Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I knew I’d seen a metric about this sometime recently, so I went looking for “7,000”, which perfectly illustrates how unaware we are of the extent of data collection on all of us. I started…