Troy Hunt

Hi, I'm Troy Hunt, I write this blog, run "Have I Been Pwned" and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Weekly Update 242

A fairly hectic week this one, in a large part due to chasing down really flakey network issues that are causing devices (namely Shelly relays) to be inaccessible. I suspect it's ARP related and as of now, it's still not fully resolved. You know how much shit breaks in a connected house when devices become inaccessible? Lots. But hey, at least I've finally automated my aircon! ReferencesI've had a heap of issues with my Shellys on my Ubiquiti network (thought I had it fixed after recording this but now, not so much...)I joined the Phil DeFranco show this week (I really enjoyed this and apparently, heaps of other people did too)My aircon woes are almost over, courtesy of...

Weekly Update 241

What. A. Week. Heaps of data breaches, heaps of law enforcement and gov stuff and somehow, I still found time to put even more IP addresses into the house courtesy of even more IoT. I'm not sure if the latter gives me a break from the more professional tech stuff or just compounds the amount of stuff I've already got on my plate, but I'm having fun doing it anyway 😊 All that and more in this week's update. ReferencesHere's the thread on the ~250M US people data set (at 51.6% for the negative, this won't be going into HIBP)The FBI in conjunction with efforts from the Dutch NHTCU and German BKA grabbed a bunch of data from the...

Welcoming the Romanian Government to Have I Been Pwned

Today I'm very happy to announce the arrival of the 15th government to Have I Been Pwned, Romania. As of now, CERT-RO has access to query all Romanian government domains across HIBP and subscribe them for future notifications when subsequent data breaches affect aliases on those domains. Romania joins a steadily growing number of governments across the globe to have free and unrestricted access to API-based domain searches for their assets in HIBP. You can read more about government access in the initial post from 2018....

Welcoming the Luxemburg Government CERT to Have I Been Pwned

Continuing my efforts to make more breach data available to governments after data breaches impact their domains, I'm very happy to welcome Luxemburg aboard Have I Been Pwned. More specifically, the CERT of the Grand Duchy of Luxemburg (govcert.lu) now has free API level access to query their national government domains. This now brings the government count to 14 and I look forward to welcoming more national CERTs in the future....

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol rereferred to as the world's most dangerous malware: Emotet. This strain of malware dates back as far as 2014 and it became a gateway into infected machines for other strains of malware ranging from banking trojans to credential stealers to ransomware. Emotet was extremely destructive and wreaked havoc across the globe before eventually being brought to a halt in February. Following the takedown, the FBI reached out and asked if Have I Been Pwned (HIBP) might be a viable means of alerting impacted individuals and companies that their...

Weekly Update 240

Lots of bit and pieces this week, most of which is self-explanatory based on the references below. One thing to add though is the outcome of the ClearVoice Surveys breach I live-tweeted during the stream: someone from there did indeed get in touch with me. We spoke on the phone, they confirmed the legitimacy of the breach and acknowledged they'd seen it posted to a hacking forum where it's now spreading broadly. They're working on their disclosure but as I said to them on the call, the fact it's now spread so broadly means I'm notifying my HIBP subscribers ASAP, which I've just done. 15M more record are now in there and based on the backlog I'm currently working through,...

Weekly Update 239

Geez I'm glad the Facebook stuff was the week before this one! With that (mostly) out of the way, we headed off to Thredbo for a couple of days of mountain biking, hitting trails I've only ever snowboarded down before (yes, we get snow in Australia). Back to normality (I think we can start calling it that now), Rob and I did our book editing session, the Facebook scraping incident (let's stop calling it a "data breach") continued to consume time and in a case of very fortuitous timing, they're copping a class action right after I wrote about my displeasure regarding data breach ambulance chasing. Good timing indeed, here why this is really bugging me in this week's video....

Data Breaches, Class Actions and Ambulance Chasing

This post has been brewing for a while, but the catalyst finally came after someone (I'll refer to him as Jimmy) recently emailed me regarding the LOQBOX data breach from 2020. Their message began as follows: I am currently in the process of claiming compensation for a severe data breach which occurred on the 20th February 2020Now I'll be honest - I had to Google this one. There are so many data breaches today that I have trouble keeping track of them and there was nothing noteworthy whatsoever about this one that caused it to stick in my memory. Turns out there were a bunch of tweets mentioning me in this context in Feb 2020, but that was all. The...

Weekly Update 238

"What a shit week". I stand by that statement in the opening couple of minutes of the video and I write this now at midday on Saturday after literally falling asleep on the couch. The Facebook incident just dominated; everything from processing data to writing code to dozens of media interviews. And I ran a workshop over 4 half days. And had 2 lots of guests visiting. And had to deal with all sorts of other unpleasant stuff outside of that. Damn that beer tasted good... ReferencesThe petition in front of UK parliament to require verified IDs on social media platforms has fallen flat (not unsurprising, and the response is actually quite nicely written IMHO)I've probably taken a little...

Welcoming the Ukrainian Government to Have I Been Pwned

Another month, another national government to bring onto Have I Been Pwned. This time it's the Ukrainian National Cybersecurity Coordination Center who now has access to monitor all their government domains via API domain search, free of charge. Ukraine is now the 13th government to be onboarded to HIBP's service joining counterparts across Europe, North America and Australia....