Troy Hunt

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

We're Baking Have I Been Pwned into Firefox and 1Password

Pretty much every day, I get a reminder from someone about how little people know about their exposure in data breaches. Often, it's after someone has searched Have I Been Pwned [https://haveibeenpwned.com/] (HIBP) and found themselves pwned somewhere or other. Frequently, it's some long-forgotten site they haven't even thought about in years and also frequently, the first people know of these incidents is via HIBP: > large @ticketfly [https://twitter.com/ticketfly?ref_src=twsrc%5Etfw] data bre...

Weekly Update 92

Last day away! As much as I enjoy travel, I love going home and I'm wrapping this post up whilst sitting at the airport in Oslo about to begin the epic journey that is travelling back to the other side of the world. It's been a great trip, but yeah, I like home. This week, I'm recapping on some workshops, talking about how data breaches circulate, sharing some pretty epic Report URI stats and also covering last week's blog post on the Estonian government providing data to HIBP. Plus, just a li...

Weekly Update 91

We're at NDC Oslo! We found a spot on the floor and recorded this a couple of hours before doing our final talk of the event. In this video, we discuss some of what we were planning to cover in that talk, namely HTTPS anti-vaxxers as Scott wrote about earlier in the week [https://scotthelme.co.uk/https-anti-vaxxers/]. And how did it go? Apparently, exceptionally well! > Best talk of the conf! @troyhunt [https://twitter.com/troyhunt?ref_src=twsrc%5Etfw] and @Scott_Helme [https://twitter.com/Sco...

Data Provided by the Estonian Central Criminal Police is Now Searchable on Have I Been Pwned

Running Have I Been Pwned [https://haveibeenpwned.com/] (HIBP) has presented some fascinating insights into all sorts of aspects of how data breaches affect us; the impact on the individual victims such as you and I, of course, but also how they affect the companies involved and increasingly, the role of government and law enforcement in dealing with these incidents. Last week I had an all new situation arise related to that last point and I want to explain it properly here so it makes sense if...

Weekly Update 90

Wow wow wow! What a week! This video is going out a couple of days late but if ever I had a good excuse for it, this week is the one. Scott and I are in Oslo this week having just flown in from London where we collectively scooped up 3 awards, one each at the European Blogger Awards and the big one (quite literally - the thing weighs several kilos), the SC Award for Best Emerging Technology courtesy of Report URI. This is massive for us, and very, very unexpected too. We talk about why this wee...

Report URI Just Won the Best Emerging Technology Award!

I don't normally do back-to-back blog posts, but this was no normal week! I just posted about how I won the European Security Blogger Award Grand Prix Prize for the Best Overall Security Blog [https://www.troyhunt.com/i-just-won-the-european-security-blogger-award-grand-prix-prize-for-the-best-overall-security-blog] and per the title of this post, a couple of hours later Scott Helme and I backed it up with this at the SC Awards [http://www.scawardseurope.com/]: > To us! #SCAwards2018 [https:...

I Just Won the European Security Blogger Award Grand Prix Prize for the Best Overall Security Blog!

I'm not sure how I found myself in a European award program, maybe it's like Australians in Eurovision [https://en.wikipedia.org/wiki/Australia_in_the_Eurovision_Song_Contest]? But somehow, I wiggled my way into The European Security Blogger Awards [https://www.surveymonkey.com/r/EUBloggerAwards2018] and before even having a chance to come down off the high that was last week's Award for Information Security Excellence at the AusCERT conference in Australia [https://www.troyhunt.com/auscert-and...

Weekly Update 89

An exciting weekly update - I got an award! I did write about it earlier this morning, but I talk about it more in this week's update and explain why it means a lot. In other news, I'm heading back to Europe in a few days from now so am doing the last-minute rush tying up loose ends here, finishing presentations and just generally preparing myself for what will be another hectic few weeks. I also killed off the non-anonymous endpoints of Pwned Passwords today so it's k-anonymity all the way now...

AusCERT and the Award for Information Security Excellence

I've been at the AusCERT conference [https://conference.auscert.org.au/] this week which has presented a rare opportunity to walk to a major event from my home rather than fly to the other side of the world. And what an awesome walk too, right on the turn into "winter", which means something quite different in this part of the world: > Off to #AusCERT2018 [https://twitter.com/hashtag/AusCERT2018?src=hash&ref_src=twsrc%5Etfw]! It’s all blue outside today, what an awesome day for a short walk fro...

Pwned Passwords in Practice: Real World Examples of Blocking the Worst Passwords

Back in August, I pushed out a service as part of Have I Been Pwned [https://haveibeenpwned.com/] (HIBP) to help organisations block bad passwords from their online things. I called it "Pwned Passwords" and released 320M of them from real-world data breaches [https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/] via both a downloadable file and an online service. This was in response to NIST's Digital Identity Guidelines [https://www.nist.gov/itl/tig/special-publ...