For many years, people would come to Have I Been Pwned (HIBP), run a search on their email address, get the big red “Oh no – pwned!” response and then… I’m not sure. We really didn’t have much guidance until we partnered with 1Password and started giving specific advice about how to secure your digital…
Category: Have I Been Pwned
Europe, Global Security News, Have I Been Pwned
The Have I Been Pwned Alpine Grand Tour
I love a good road trip. Always have, but particularly during COVID when international options were somewhat limited, one road trip ended up, well, “extensive”. I also love the recent trips Charlotte and I have taken to spend time with many of the great agencies we’ve worked with over the years, including the FBI, CISA,…
Global Security News, Government, Have I Been Pwned
Welcoming The Gambia National CSIRT to Have I Been Pwned
Today, we’re happy to welcome the Gambia National CSIRT to Have I Been Pwned as the 38th government to be onboarded with full and free access to their government domains. We’ve been offering this service for seven years now, and it enables national CSIRTs to gain greater visibility into the impact of data breaches on…
Global Security News, Have I Been Pwned, UX
You’ll Soon Be Able to Sign in to Have I Been Pwned (but Not Login, Log in or Log On)
How do seemingly little things manage to consume so much time?! We had a suggestion this week that instead of being able to login to the new HIBP website, you should instead be able to log in. This initially confused me because I’ve been used to logging on to things for decades: So, I went…
Cybersecurity, data breach, Exclusive, Global IT News, Global Security News, Have I Been Pwned, Security, Spyware, stalkerware
Data breach at stalkerware SpyX affects close to 2 million, including thousands of Apple users
Another consumer-grade spyware operation was hacked in June 2024, which exposed thousands of Apple Account credentials. © 2024 TechCrunch. All rights reserved. For personal use only.
Global Security News, Have I Been Pwned
Soft-Launching and Open Sourcing the Have I Been Pwned Rebrand
Designing the first logo for Have I Been Pwned was easy: I took a SQL injection pattern, wrote “have i been pwned?” after it and then, just to give it a touch of class, put a rectangle with rounded corners around it: Job done! I mean really, what more did I need for a pet…
Global Security News, Have I Been Pwned
We’re Backfilling and Cleaning Stealer Logs in Have I Been Pwned
I think I’ve finally caught my breath after dealing with those 23 billion rows of stealer logs last week. That was a bit intense, as is usually the way after any large incident goes into HIBP. But the confusing nature of stealer logs coupled with an overtly long blog post explaining them and the conflation…
Android, Apple, Exclusive, Global IT News, Global Security News, Have I Been Pwned, iPad, iPhone, Security, Spyware, stalkerware
Spyzie stalkerware is spying on thousands of Android and iPhone users
Another little-known phone monitoring outfit has quietly amassed half a million customers, whose email addresses are now in Have I Been Pwned.
Exploits, Global Security News, Have I Been Pwned
Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs
I like to start long blog posts with a tl;dr, so here it is: We’ve ingested a corpus of 1.5TB worth of stealer logs known as “ALIEN TXTBASE” into Have I Been Pwned. They contain 23 billion rows with 493 million unique website and email address pairs, affecting 284M unique email addresses. We’ve also added…
Global Security News, Have I Been Pwned
Experimenting with Stealer Logs in Have I Been Pwned
TL;DR — Email addresses in stealer logs can now be queried in HIBP to discover which websites they’ve had credentials exposed against. Individuals can see this by verifying their address using the notification service and organisations monitoring domains can pull a list back via a new API. Nasty stuff, stealer logs. I’ve written about them and…
Book, Global Security News, Have I Been Pwned
“Pwned”, The Book, Is Now Available for Free
Nearly four years ago now, I set out to write a book with Charlotte and Rob. It was the stories behind the stories, the things that drove me to write my most important blog posts, and then the things that happened afterwards. It’s almost like a collection of meta posts, each one adding behind-the-scenes commentary that…
Azure, CloudFlare, Emerging Tech, Global Security News, Have I Been Pwned
Closer to the Edge: Hyperscaling Have I Been Pwned with Cloudflare Workers and Caching
I’ve spent more than a decade now writing about how to make Have I Been Pwned (HIBP) fast. Really fast. Fast to the extent that sometimes, it was even too fast: The response from each search was coming back so quickly that the user wasn’t sure if it was legitimately checking subsequent addresses they entered…
Exploits, Global Security News, Have I Been Pwned
Inside the DemandScience by Pure Incubation Data Breach
Apparently, before a child reaches the age of 13, advertisers will have gathered more than 72 million data points on them. I knew I’d seen a metric about this sometime recently, so I went looking for “7,000”, which perfectly illustrates how unaware we are of the extent of data collection on all of us. I started…