Troy Hunt

Lots of stuff going on this week, beginning with me losing my mind try to get local control of IoT devices. I'm writing up a much more extensive blog post on this, suffice to say it's a complete mess and all of the suggestions I've had have been well-intentioned, but infeasible for various reasons. But as I say in the video, it has all been worth it and I do get a lot of enjoyment from playing with it all 😊 That and many other cyber things in this week's update. [https://itunes.apple.com/au/po...

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP). Firstly by the Estonian Central Criminal Police a few years ago [https://www.troyhunt.com/data-provided-by-the-estonian-central-criminal-police-is-now-searchable-on-have-i-been-pwned/] , then by the FBI and global counterparts this April [https://www.troyhunt.com/data-from-the-emotet-malware-is-now-searchable-in-have-i-bee...

Ever notice how there was a massive gap of almost 9 months between announcing the intention to start open sourcing Have I Been Pwned [https://www.troyhunt.com/im-open-sourcing-the-have-i-been-pwned-code-base/] (HIBP) in August last year and then finally a couple of weeks ago, actually taking the first step with Pwned Passwords [https://www.troyhunt.com/pwned-passwords-open-source-in-the-dot-net-foundation-and-working-with-the-fbi/] ? Many people certainly noticed the time because I kept getting...

This week as part of the ongoing initiative to make breach data available to national governments, I'm very happy to welcome the national CERT of Uruguay, CERTuy. They are now the 2nd Latin American country and 20th country worldwide to have free and easy API level access to all their government domains. I'm going to continue onboarding governments as they reach out and ask for access, my hope being that greater visibility to the impact of data breaches helps minimise the disruption they cause...

This week has been absolutely dominated by code contributions to Pwned Passwords. This is such an awesome, humbling experience that so many people have wanted to contribute their time to something that makes online life better for all of us. The challenge I have now is, as expected, managing the pull requests, reviewing code and ensuring the project heads in the right direction as support for ingesting the FBI -provided passwords is built out. I have an idea around that I'm working on at the mom...

Supporting national CERTs with free API domain searches across their assets is becoming an increasing focus for Have I Been Pwned and today I'm happy to welcome the 19th government on board, Belgium. As of now, the Centre for Cyber Security Belgium (CCB) has full access to query all their gov domains and gain deeper visibility into the impact of data breaches on their departments. Extending HIBP's reach to more governments around the world helps amplify the usefulness of the project and I look...

Continuing with the launch of the Have I Been Pwned Domain Search API to national government cyber agencies, I am very happy to welcome the first Latin American country on board, the Dominican Republic. Their National Cybersecurity Incident Response Team (CSIRT-RD) is the 18th national CERT that has free and open access to domain inquiries across all of its government assets. Each of these announcements results in a large number of additional government requests. I will continue to welcome new...

This week is the culmination of planning that began all the way back in August last year when I announced the intention to start open sourcing the HIBP code base [https://www.troyhunt.com/im-open-sourcing-the-have-i-been-pwned-code-base/]. Today, it's finally happened with Pwned Passwords now completely open to all. That's only been possible with the help of the .NET Foundation because as I've said many times now, this is new territory for me. And just to make things really interesting, we're a...

I've got 2 massive things to announce today that have been a long time in the works and by pure coincidence, have aligned such that I can share them together here today. One you would have been waiting for and one totally out of left field. Both these announcements are being made at a time where Pwned Passwords is seeing unprecedented growth: > Getting closer and closer to the 1B requests a month mark for @haveibeenpwned [https://twitter.com/haveibeenpwned?ref_src=twsrc%5Etfw]'s Pwned Passwords...

Today I'm very happy to welcome the first Caribbean government to Have I Been Pwned, Trinidad & Tobago. As of today, the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) has full and free access to query their government domains and gain visibility into where they've impacted by data breaches. This brings the number of governments to be onboarded to HIBP to 17 and I look forward to welcoming more in the near future....