Troy Hunt

What. A. Week. Heaps of data breaches, heaps of law enforcement and gov stuff and somehow, I still found time to put even more IP addresses into the house courtesy of even more IoT. I'm not sure if the latter gives me a break from the more professional tech stuff or just compounds the amount of stuff I've already got on my plate, but I'm having fun doing it anyway 😊 All that and more in this week's update. [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/id1176454699] [ht...

Today I'm very happy to announce the arrival of the 15th government to Have I Been Pwned, Romania. As of now, CERT-RO has access to query all Romanian government domains across HIBP and subscribe them for future notifications when subsequent data breaches affect aliases on those domains. Romania joins a steadily growing number of governments across the globe to have free and unrestricted access to API-based domain searches for their assets in HIBP. You can read more about government access in t...

Continuing my efforts to make more breach data available to governments after data breaches impact their domains, I'm very happy to welcome Luxemburg aboard Have I Been Pwned. More specifically, the CERT of the Grand Duchy of Luxemburg ( govcert.lu [https://www.govcert.lu/en/]) now has free API level access to query their national government domains. This now brings the government count to 14 and I look forward to welcoming more national CERTs in the future....

Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol rereferred to as the world's most dangerous malware: Emotet [https://www.europol.europa.eu/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action] . This strain of malware dates back as far as 2014 and it became a gateway into infected machin...

Lots of bit and pieces this week, most of which is self-explanatory based on the references below. One thing to add though is the outcome of the ClearVoice Surveys breach I live-tweeted during the stream: someone from there did indeed get in touch with me. We spoke on the phone, they confirmed the legitimacy of the breach and acknowledged they'd seen it posted to a hacking forum where it's now spreading broadly. They're working on their disclosure but as I said to them on the call, the fact it's...

Geez I'm glad the Facebook stuff was the week before this one! With that (mostly) out of the way, we headed off to Thredbo for a couple of days of mountain biking, hitting trails I've only ever snowboarded down before (yes, we get snow in Australia). Back to normality (I think we can start calling it that now), Rob and I did our book editing session, the Facebook scraping incident (let's stop calling it a "data breach") continued to consume time and in a case of very fortuitous timing, they're c...

This post has been brewing for a while, but the catalyst finally came after someone (I'll refer to him as Jimmy) recently emailed me regarding the LOQBOX data breach from 2020 [https://www.theregister.com/2020/03/02/financial_startup_loqbox_data_breach/]. Their message began as follows: > I am currently in the process of claiming compensation for a severe data breach which occurred on the 20th February 2020 Now I'll be honest - I had to Google this one. There are so many data breaches today tha...

"What a shit week". I stand by that statement in the opening couple of minutes of the video and I write this now at midday on Saturday after literally falling asleep on the couch. The Facebook incident just dominated; everything from processing data to writing code to dozens of media interviews. And I ran a workshop over 4 half days. And had 2 lots of guests visiting. And had to deal with all sorts of other unpleasant stuff outside of that. Damn that beer tasted good... [https://itunes.apple.co...

Another month, another national government to bring onto Have I Been Pwned. This time it's the Ukrainian National Cybersecurity Coordination Center [https://www.rnbo.gov.ua/] who now has access to monitor all their government domains via API domain search, free of charge. Ukraine is now the 13th government to be onboarded to HIBP's service joining counterparts across Europe, North America and Australia....

I've been chatting about this in some of my recent weekly videos and I thought it was finally time to sit down and write the blog post. So, this is a blog post about a book about blog posts. Gotcha, makes sense. It all began when Rob Conery [https://rob.conery.io/] reached out a few years ago and said "dude, we should totally turn a bunch of your blog posts into a book" to which I replied, "why?" I mean they're all up on my blog anyway, why on earth would anyone want to read them just stuffed i...