So it's been a bit of a crazy week. I got onto the plane in Australia on Thursday evening just as Europe was waking up to the news of the 773M email address credential stuffing list I loaded into HIBP. And then the flood began; blog comments, emails, tweets - it was an absolute deluge. I spent the flight fielding the ones I could, landed in Oslo and dealt with more on the way up the mountain then frankly, got there and tuned out. Out of office on, blog comments closed and tweets ignored. This trip was planned downtime with my son and good friends and I really needed it.In this week's update, I talk about the coverage of...

And then there was the biggest data breach to go into HIBP ever! I wrote that sentence from home just after publishing all the data, then I got on a plane...Holy cow that's a lot of emails! Hundreds upon hundreds of emails came in whilst on the way to Dubai, more than I'll ever be able to respond to. Plus, I'm actually trying to have some downtime with my son on this trip particularly over the next few days so a bunch of stuff is going to have to go unanswered or at best, delayed. Mind you, a heap of them were asking questions already addressed in the blog post, but that's just the nature of the internet.What...

Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1". Most of them won't have a tech background or be familiar with the concept of credential stuffing so I'm going to write this post for the masses and link out to more detailed material for those who want to go deeper.Let's start with the raw numbers because that's the headline, then I'll drill down into where it's from and what it's composed of. Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows. It's made up of many different individual data breaches from literally thousands of different sources. (And yes,...

Well, it's one more sunny weekly update then snow time again so I've gone particularly beachy today. I'm also particularly breachy, talking about a massive combo list I'm presently pondering for inclusion in HIBP. These lists are frequently used for account takeover attacks against the likes of Spotify which is the subject of this week's blog post. Plus, I'm talking a bit about a bunch of Ubiquiti bits I'll be installing soon to fix the problem seen below:Relevant to this week’s video I’m about to publish - my network cupboard shame 😫 pic.twitter.com/SOB9hq6uTH— Troy Hunt (@troyhunt) January 11, 2019 Oh - and I did end up heading out on the water with Kevin Mitnick,...

Time and time again, I get emails and DMs from people that effectively boil down to this:Hey, that paste that just appeared in Have I Been Pwned is from Spotify, looks like they've had a data breachMany years ago, I introduced the concept of pastes to HIBP and what they essentially boil down to is monitoring Pastebin and a bunch of other services for when a trove of email addresses is dumped online. Very often, those addresses are accompanied by other personal information such as passwords. When an HIBP subscriber's address appears in one of these incidents, they get an automated notification and often, it seems, they then reach out to me.Here's a perfect example of what I'm...

And then it was 2019. Funny how quickly it gets away from you, someone just posted on my 2018 retrospective blog post this week and asked why I didn't include my congressional testimony and if I'm honest, it took me a bit to think about why as well (it was in 2017). But we're here now so it's back to business as usual blog wise.This week is dominated by the personal finance lessons blog post. This has gotten massive traction this week and has been read by tens of thousands of people. But perhaps what surprises me most is that out of all the feedback I've had, there's only been one negative comment. O-n-e. Frankly, I'm not even sure...

I started doing these retrospectives 3 years ago in my first year of independence. I reckon they're a good thing for everyone to do if not in written form then at least mentally to look back on your achievements of the year. They're a great way of reflecting on success (and indeed, on failures) and they also help explain why we all feel so damn tired by the end of the year!Here's my 2018 highlights, starting with travel:Travel"Oh yeah, I'm totally gonna travel less this year" - me every single yearIn reality, my travel ended up looking like this:That's the same number as last year, 4 more days and another 8,000km. On the other hand,...

Patience.Frugality.Sacrifice.When you boil it down, what do those three things have in common? Those are choices.Money is not peace of mind.Money’s not happiness.Money is, at its essence, that measure of a man’s choices.This is part of the opening monologue of the Ozark series and when I first heard it, I immediately stopped the show and dropped it into this blog post. It's a post that has been many years coming, one I started drafting about 5 years ago. One I kept dropping little bits and pieces into as the years went by but never finished because the time just wasn't right. It was only after reflecting on the responses to the...

I'm home! And it's a nice hot Christmas! And I've got a new car! And that's where the discussion kinda started heading south this week. As I say in the video, the reaction to my tweet about it was actually overwhelmingly positive, but there was this unhealthy undercurrent of negativity which was really disappointing to see. Several other non-related events following that demonstrated similar online aggressiveness and I don't know if it was a case of too much eggnog or simply people having more downtime to be dicks online, but it was a really odd spate of bad behaviour.Be that as it may, I hope there's some useful content in this one but I do appreciate the car bit...

And that's it for Canada. I recorded this Saturday morning local before heading out for last runs with the family. It's been fun but as I just tweeted sitting here in the airport:That’s it for Canada! It’s been fun, but it’s time for sunshine again 🇨🇦 ✈️ 🇦🇺 pic.twitter.com/Pbxy83MlHo— Troy Hunt (@troyhunt) December 23, 2018 This week I'm talking about my new (free!) Pluralsight course, yet more data breaches, some really wacky Spotify attitudes towards passwords, a cool new Report URI feature we're looking for beta testers on and introducing an all new sponsor - strongDM. That's it from Canada, it's off to a hot Aussie Christmas now and the next few days will come...