Have I Been Pwned

Today I'm very happy to announce the arrival of the 15th government to Have I Been Pwned, Romania. As of now, CERT-RO has access to query all Romanian government domains across HIBP and subscribe them for future notifications when subsequent data breaches affect aliases on those domains. Romania joins a steadily growing number of governments across the globe to have free and unrestricted access to API-based domain searches for their assets in HIBP. You can read more about government access in t...

Continuing my efforts to make more breach data available to governments after data breaches impact their domains, I'm very happy to welcome Luxemburg aboard Have I Been Pwned. More specifically, the CERT of the Grand Duchy of Luxemburg ( govcert.lu [https://www.govcert.lu/en/]) now has free API level access to query their national government domains. This now brings the government count to 14 and I look forward to welcoming more national CERTs in the future....

Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol rereferred to as the world's most dangerous malware: Emotet [https://www.europol.europa.eu/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action] . This strain of malware dates back as far as 2014 and it became a gateway into infected machin...

Another month, another national government to bring onto Have I Been Pwned. This time it's the Ukrainian National Cybersecurity Coordination Center [https://www.rnbo.gov.ua/] who now has access to monitor all their government domains via API domain search, free of charge. Ukraine is now the 13th government to be onboarded to HIBP's service joining counterparts across Europe, North America and Australia....

The headline is pretty self-explanatory so in the interest of time, let me just jump directly into the details of how this all works. There's been huge interest in this incident, and I've seen near-unprecedented traffic to Have I Been Pwned [https://twitter.com/troyhunt/status/1379363185145176076] (HIBP) over the last couple of days, let me do my best to explain how I've approached the phone number search feature. Or if you're impatient, you can head over to HIBP right now and search for your nu...

Two of my favourite things these days are Have I Been Pwned [https://haveibeenpwned.com/] and Home Assistant [https://www.home-assistant.io/]. The former is an obvious choice, the latter I've come to love as I've embarked on my home automation journey [https://www.troyhunt.com/iot-unravelled-part-1-its-a-mess-but-then-theres-home-assistant/] . So, it was with great pleasure that I saw the two integrated recently: > always something... now you are in my @home_assistant [https://twitter.com/home_...

I've investigated hundreds of data breaches over the years (there are 514 of them in Have I Been Pwned [https://haveibeenpwned.com/] as I write this), and for the most part, the situation with Gab is just another day on the internet. But Gab is also different, having grown dramatically in recent months as an alternative to mainstream incumbent platforms such as Twitter and Facebook and drawing a crowd primarily focused on right wing American politics. A couple of days ago, I posted a thread abo...

I'm pleased to welcome the first new government onto Have I Been Pwned for 2021, Portugal. The Portuguese CSIRT, CERT.PT [https://www.cncs.gov.pt/certpt/], now has full and free access to query their government domains across the entire scope of data in HIBP. This is now the 12th government onboarded to HIBP and I'm very happy to see the Portuguese join their counterparts in other corners of the world....

I had this idea out of nowhere the other day that I should have a visual display somewhere in my office showing how many active Have I Been Pwned (HIBP) subscribers I presently have. Why? I'm not sure exactly, it just seemed like a good idea at the time. Perhaps in this era of remoteness I just wanted something a little more... present. More tangible than occasionally running a SQL query. Or maybe I just wanted to geek out a little on some tech 😎 So I bought a LaMetric [https://lametric.com/...

It's increasingly hard to know what to do with data like that from Cit0Day. If that's an unfamiliar name to you, start with Catalin Cimpanu's story on the demise of the service followed by the subsequent leaking of the data [https://www.zdnet.com/article/23600-hacked-databases-have-leaked-from-a-defunct-data-breach-index-site/] . The hard bit for me is figuring out whether it's pwn-worthy enough to justify loading it into Have I Been Pwned (HIBP) or if it's just more noise that ultimately doesn'...