Troy Hunt

One of the most common use cases for HIBP's API is querying by email address, and we support hundreds of millions of searches against this endpoint every month. Loads of organisations use this service to understand the exposure of their customers and provide them with better protection against account takeover attacks. Many also use it to support customers who've already fallen victim - "hey, did you know HIBP says you're in 7 data breaches, any chance you've been reusing passwords?" Some compan...

Imagine jumping on board a class action after your precious datas have been breached, then sticking through it all the way until a settlement is reached. Then, finally, after a long and arduous battle, cashing in and getting... $1. Well, kinda $1, the ParkMobile class action granted up to $1 for successful claimants. But wait - there's more - because you can't spend it all at once, instead you get it in $0.25 whacks. Oh - and you don't actually get any cash either, instead you get credit for you...

Well, one of them is, but what's important is that we now have a platform on which we can start pushing out a lot more. It's not that HIBP is a particularly complex system that needs explaining in any depth, but we still get a lot of "how do I..." style questions for the fundamentals. Stuff like "how do I search our domain", which is why that's now the very first video we have in the series: You'll also find this on the brand new demos page at haveibeenpwned.com/Demos where you'll soon be s...

So I had this idea around training a text-to-speech engine with my voice, then using that to speak over the Sonos at home to announce AI-driven events, such as people ringing the doorbell. A few hours' worth of video from these weekly updates fed into ElevenLabs and wammo! Here you go: Oh yeah! Now *this* is cool! Or freaky 🤔 Doorbell by @Ubiquiti, voice by @elevenlabsio and orchestration by @home_assistant. It’s an evolution of this post: https://t.co/qwN64UJqWy pic.twitter.com/dMrD9hPT4J...

I only just realised, as I prepared this accompanying blog post, that I didn't talk about one of the points in the overview: food. One of my fondest memories as a child living in Singapore and now as an adult visiting there is the food. It's one of those rare places where the food at every level is just exceptional, and even a basic outing is a treat. As a kid, the most common "fast food" I'd eat was from local "hawker centres", probably what many people would call street food, but never in the...

Using AI to analyse photos and send alerts if I've forgotten to take the bins out isn't going to revolutionise my life, no more so than using it to describe who's at the mailbox when a letter arrives and at the front door when they buzz. But that's really not the point; it's by playing with tech like this that firstly, you come to understand it better and secondly, you find genuinely impactful use cases. I keep scratching my head to try to work out where AI can do something really useful in HIBP...

It seems like every manufacturer of anything electrical that goes in the house wants to be part of the IoT story these days. Further, they all want their own app, which means you have to go to gazillions of bespoke software products to control your things. And they're all - with very few exceptions - terrible: That's to control the curtains in my office and the master bedroom, but the hubs (you need two, because the range is rubbish) have stopped communicating. That one is for the spa, but it...

I'm fascinated by the unwillingness of organisations to name the "third party" to which they've attributed a breach. The initial reporting on the Allianz Life incident from last month makes no mention whatsoever of Salesforce, nor does any other statement I can find from them. And that's very often the way with many other incidents too, which, IMHO, sucks. My view is that when our data is provided to a third party and that party exposes it, we have a very reasonable expectation to know who lost...

How much tech stuff do I have sitting there in progress, literally just within arm's reach? I kick off this week's video going through it, and it's kinda nuts. Doing runeos and house build doesn't help, but it means there's just a constant distraction of "things" commanding my attention. I couldn't even go through writing this very short blog post without feeling the need to see if I could pair that smoke alarm directly to ZHA on Home Assistant without needing the Clipsal hub; I couldn't, so now...

Spoiler: I have data from the story in the title of this post, it's mostly what I expected it to be, I've just added it to HIBP where I've called it "Data Troll", and I'm going to give everyone a lot more context below. Here goes: Headlines one-upping each other on the number of passwords exposed in a data breach have become somewhat of a sport in recent years. Each new story wants to present a number that surpasses the previous story, and the clickbait cycle continues. You can see it coming a...