I feel like a significant portion of this week's video went to discussing "the Coinbase breach that wasn't a Coinbase breach". There are various services out there that are used by the likes of password managers to alert their customers to new breaches (including HIBP in 1Password) and whoever Dashlane is using frankly, royally cocked up the attribution. What was a garden variety list of email addresses someone had just chucked the "Coinbase" name on had absolutely nothing to do with a breach of the crypto company. It's frustrating to watch, and I suspect that will come through when you watch the video too. See what you think.
References
- I take an inordinate amount of pleasure in screwing with scammers / spammers (and judging by the reactions to that thread, so do you! 🤣)
- Misattributing a data breach can be a pretty serious issue, and Dashlane's provider incorrectly implicating Coinbase as having been pwned isn't a good look (I'm especially frustrated given how much time I invest doing verification so precisely this doesn't happen!)
- Domain searches via API are coming to HIBP! (that's a link to a "started" UserVoice idea, vote there if you'd like to be kept in the loop on progress)
- I'm trialling using a Twitter subscription to provide earlier insights into breaches and seek community support in handling and disclosing them (no need to explicitly let me know if that's not of interest, just don't sign up 🙂)
- Sponsored by: Kolide ensures only secure devices can access your cloud apps. It's Zero Trust tailor-made for Okta. Book a demo today.