Troy Hunt

Hi, I'm Troy Hunt, I write this blog, run "Have I Been Pwned" and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Weekly Update 279

It's mostly breaches this week and that's mostly business as usual, except for one. I didn't know whether I should speak about the one that frankly, upset me, but I felt it would be somewhat disingenuous not to. I couldn't on the one hand build out this "brand", for want of a better term, of transparency and then just shelve a breach and not talk about it because it's too uncomfortable. So, here it is, and hopefully that's the last I'll think about it for a very long time.
References:
Indian Fashion Retailer Data Leaked on Darknet Marketplace (yeah, nah, it's on the clear web, which is even worse)
The Brian Krebs book I was trying to remember is Spam Nation...

Weekly Update 278

I recorded this a week after Charlotte appeared with me, fresh out of isolation with a negative COVID test. However... 9 year old Elle had tested positive on Monday (albeit entirely asymptomatic, so no idea how long she'd been positive) but hey, hopefully she'd be clear today. Yeah, nah and to top it off, 12 year old Ari was positive. Also entirely asymptomatic (and double-vaxed) so instead of ending today with our freedom, we're ending day 15 of our ongoing isolation in, well, more ongoing isolation. If only this family could grasp the concept of parallel processing rather than running the whole thing out in sequence... But hey, we're in a wonderful environment, everyone is well and it's near beer...

Weekly Update 277

Well that all changed very quickly. One week ago, I was like "I'm going to do this video from somewhere really epic next week". A few hours after that video, the host of the drinks we'd gone to over the road the day before told us she had symptoms. Another few hours later and she's COVID positive. A few days after that and Charlotte is positive too. Then, after 5 days isolating in the master bedroom at home, she's negative. That was weird. It's all weird, not just for us but for everyone at the moment. But this experience did fundamentally change many of our views about the pandemic from the contagiousness of it (off the charts) to the health...

Weekly Update 276

2021 Dumpster fire? Harsh, but fair and I shall keep this 3D-printed reminder handy and hope I don't end up needing to print a 2022 version! So many times throughout this week's video I came back to that theme... But hey, there was some positive stuff too, not least the bits about some of the wonderful organisations I've worked with this year, bought products from or otherwise just been a big part of my digital life in 2021. Thanks everyone for tuning in this year, back soon 😊
References:
Dildo-delivered malware - it's a great headline, but is it real? (Poe's Law in action)
LastPass sent out a bunch of false positive "someone has logged into your account" messages (which was much...

Weekly Update 275

I'd say this is probably the most epic scene I've ever done one of these videos from and equally, the main topic of the day around Pwned Passwords and the work done with the FBI and NCA is the most epic thing I've done for a very long time. On reflection, I feel like this is the first major step towards HIBP growing up and becoming self-sufficient; that Pwned Passwords piece is now owned by the community, supported by the community, contributed to by 2 of the world's foremost law enforcement agencies and used somewhere way north of 1.26 billion times a month. So there's that, and a whole bunch of stuff about this absolutely amazing location right here...

Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!

In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned's (HIBP's) Pwned Password API. 99.7% of the time, that check went no further than one of hundreds of Cloudflare edge nodes spread around the world (95% of the world's population is within 50ms of one). It looks like this: There are all sorts of amazing Pwned Passwords use cases out there. For example, the Hims personal wellness website: Or literally thousands of other services doing everything from providing their own password checker through to checking their customers' passwords on every registration, login or password change to see if it's previously been breached. And per the network...

Weekly Update 274

As I start out by saying in this week's video, it's very summer here and not a day goes by without multiple pool visits. Next week's video is going to be from somewhere epically amazing out of this world that I've wanted to go to for a long time now so stay tuned for that one as I go mobile again. Somehow, today's video stretched out beyond an hour with what felt like a list of pretty minor discussion points, but plenty of good questions and commentary along the way. I hope you enjoy these more conversational episodes and will join me live for a really unique one next week 😊
References:
2021 was a dumpster fire, so here's the 3D Christmas ornament...

When is a Scrape a Breach?

A decade and a bit ago during my tenure at Pfizer, a colleague's laptop containing information about customers, healthcare providers and other vendors was stolen from their car. The machine had full disk encryption and it's not known whether the thief was ever actually able to access the data. It's not clear if the car was locked or not. Is this a data breach? Some years later, an outsourcing provider of the Australian Red Cross Blood Service copied a database from production and backed it up to a web server facing the world. Someone stumbled across it, downloaded it and then sent it to me. It was the largest incident of its kind in Australia and it included my own...

Weekly Update 273

Geez, I'm a bit orange today! I think mucking around with the (exceptionally cool!) moon lamp towards the beginning of this video threw the colours off a bit. In the past, I'd turn on the auto white balance lock and things would stay steady, but since I put up the Elgato key lamps and the colour has been so steady, I've kind of just let it go. Lesson learned. Plenty of other good things this week though, next week I'll aim to live stream this at the beginning of the day and catch audiences on the US time zones as well.
References:
The 3D printed moon light is soooo nice! (it now looks like this will become a repeatable Xmas...

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

I was having a coffee with a good mate the other day. He's not a techie (he runs a pizza restaurant), but somehow, we ended up talking about passwords. Because he's a normal person, he has the same 1 or 2 or 3 he uses everywhere and even without telling me what they were, I knew they were terrible. Actually, I'll rephrase that: because he was a normal guy; he's not normal anymore because yesterday I carved out some time to give him an early Christmas present: Today I spent an hour getting a mate into @1Password. I bought him a year's worth at $4.99 per month for him, his wife and 3 kids and within an...