Have I Been Pwned

A 195-post collection

Home Assistant, Pwned Passwords and Security Misconceptions

Two of my favourite things these days are Have I Been Pwned [https://haveibeenpwned.com/] and Home Assistant [https://www.home-assistant.io/]. The former is an obvious choice, the latter I've come to love as I've embarked on my home automation journey [https://www.troyhunt.com/iot-unravelled-part-1-its-a-mess-but-then-theres-home-assistant/]. So, it was with great pleasure that I saw the two integrated recently: > always something... now you are in my @home_assistant [https://twitter.com/home_...

Gab Has Been Breached

I've investigated hundreds of data breaches over the years (there are 514 of them in Have I Been Pwned [https://haveibeenpwned.com/] as I write this), and for the most part, the situation with Gab is just another day on the internet. But Gab is also different, having grown dramatically in recent months as an alternative to mainstream incumbent platforms such as Twitter and Facebook and drawing a crowd primarily focused on right wing American politics. A couple of days ago, I posted a thread abo...

Welcoming the Portuguese Government to Have I Been Pwned

I'm pleased to welcome the first new government onto Have I Been Pwned for 2021, Portugal. The Portuguese CSIRT, CERT.PT [https://www.cncs.gov.pt/certpt/], now has full and free access to query their government domains across the entire scope of data in HIBP. This is now the 12th government onboarded to HIBP and I'm very happy to see the Portuguese join their counterparts in other corners of the world....

Creating a LaMetric App with Cloudflare Workers and KV

I had this idea out of nowhere the other day that I should have a visual display somewhere in my office showing how many active Have I Been Pwned (HIBP) subscribers I presently have. Why? I'm not sure exactly, it just seemed like a good idea at the time. Perhaps in this era of remoteness I just wanted something a little more... present. More tangible than occasionally running a SQL query. Or maybe I just wanted to geek out a little on some tech 😎 So I bought a LaMetric [https://lametric.com/...

Inside the Cit0Day Breach Collection

It's increasingly hard to know what to do with data like that from Cit0Day. If that's an unfamiliar name to you, start with Catalin Cimpanu's story on the demise of the service followed by the subsequent leaking of the data [https://www.zdnet.com/article/23600-hacked-databases-have-leaked-from-a-defunct-data-breach-index-site/]. The hard bit for me is figuring out whether it's pwn-worthy enough to justify loading it into Have I Been Pwned (HIBP) or if it's just more noise that ultimately doesn'...

Welcoming the Canadian Government to Have I Been Pwned

Following in the footsteps of many other national governments before them [https://www.troyhunt.com/tag/government/], I'm very happy to welcome the Canadian Centre for Cyber Security [https://cyber.gc.ca/en/] to Have I Been Pwned. The Canadian Centre for Cyber Security now has full and free access to query all Canadian federal government domains across both past and future breaches. Canada's inclusion in the service brings the total to 11 federal governments across North America, Europe and Aus...

I'm Open Sourcing the Have I Been Pwned Code Base

Let me just cut straight to it: I'm going to open source the Have I Been Pwned code base. The decision has been a while coming and it took a failed M&A process to get here, but the code will be turned over to the public for the betterment of the project and frankly, for the betterment of everyone who uses it. Let me explain why and how. HIBP is a Community Project I've been giving a great deal of thought to how I want this project to evolve lately, especially in the wake of the M&A process that...

How BeerAdvocate Learned They'd Been Pwned

I love beer. This comes as no surprise to regular followers, nor should it come as a surprise that I maintain an Untappd [https://untappd.com/] account, logging my beer experiences as I (used to 😢) travel around the world partaking in local beverages. When I received an email from someone over that way who happened to be a happy Have I Been Pwned (HIBP) user and wanted some cyber-assistance, I was intrigued. You'll never believe what happened next... The tl;dr is that someone with a BeerAdvoca...

10B

Nearly 7 years ago now, I started a little pet project to index data breaches and make them searchable [https://www.troyhunt.com/introducing-have-i-been-pwned/]. I called it "Have I Been Pwned" and I loaded in 154M breached records which to my mind, was rather sizeable. Time went by, the breaches continued and the numbers rose. A few years later in June 2016 on stage at NDC Oslo, I pushed HIBP through 1B records: > Whoa, we're there, past a billion! There was much applause which I countered wit...

Pwned Passwords, Version 6

Today, almost one year after the release of version 5 [https://www.troyhunt.com/pwned-passwords-version-5/], I'm happy to release the 6th version of Pwned Passwords. The data set has increased from 555,278,657 known compromised passwords to a grand total of 572,611,621, up 17,332,964 (just over 3%). As with previous releases, I've made the call to push the data now simply because there were enough new records to justify the overhead in doing so. Also as with previous releases, version 6 not on...