The Unattributable "Lead Hunter" Data Breach

Pwned again. Damn. That's me who's pwned again because my personal data has just turned up in yet another incident from a source I can't attribute. Less than 3 weeks ago I wrote about The Unattributable "db8151dd" Data Breach which, after posting that blog post and a sample of my own data, the community quickly attributed to Covve. My hope is that this blog post helps myself and the 69 million other people in this one work out who collected and then exposed their personal information. So, data first, here's what they have on me: Similar deal to last time in that it was an exposed Elasticsearch instance and it was sent over to me by Dehashed. Turns out it's...

Analysing the (Alleged) Minneapolis Police Department "Hack"

The situation in Minneapolis at the moment (and many other places in the US) following George Floyd's death is, I think it's fair to say, extremely volatile. I wouldn't even know where to begin commentary on that, but what I do have a voice on is data breaches which prompted me to tweet this out earlier today:

"I'm seeing a bunch of tweets along the lines of "Anonymous leaked the email addresses and passwords of the Minneapolis police" with links and screen caps of pastes as "evidence". This is almost certainly fake for several reasons:" — Troy Hunt (@troyhunt) May 31, 2020

I was CC'd into a bunch of threads that were redistributing the...

Weekly Update 193

First time back in a restaurant! Wandering down my local dining area during the week, I was rather excited to see a cafe that wasn't just open, but actually had spare seating. Being limited to only 10 patrons at present, demand is well in excess of supply and all you have to do is leave some contact info in case someone else in the restaurant tests positive at a later date. Fair enough too, yet somehow - still beyond my comprehension - there was a bunch of outrage expressed at the necessity to provide personal information. Talk of data breaches, stalking and government control ensued which all started to get a little "tinfoil hat", to my mind. My (more candid!...

Weekly Update 192

Hey, check out that haircut! And shirt! It's almost like I'm a professional again 😊 Come Monday, schools here return as usual so I figured it was time for both my son and I to head to the barber. Other events of the day had me sprucing up to a level I don't think I've seen since Feb and I've gotta say, it's actually kind of nice. If only I had somewhere I could actually go out to... In other news, the “db8151dd” breach consumed a bunch of time this week, but at least publishing that ultimately led to the community identifying the source. I delve into that this week, as well as how we're dealing with the whole pandemic thing...

The Unattributable "db8151dd" Data Breach

I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. It's about a data breach with almost 90GB of personal information in it across tens of millions of records - including mine. Here's what I know: Back in Feb, Dehashed reached out to me with a massive trove of data that had been left exposed on a major cloud provider via a publicly accessible Elasticsearch instance. It contained 103,150,616 rows in total, the first 30 of which look like this: The global unique identifier beginning with "db8151dd" features heavily on these first lines hence the name I've given the breach. I've had to give...

Weekly Update 191

I think I'm going to stick with the live weekly update model for the foreseeable future. It makes life so much easier when it comes to editing, rendering and uploading and it means I always have something out on time. So, that's that, other news this week is mostly just bits and pieces here and there and some banter with the audience and that's just fine, it's nice having a quieter week sometimes 😊

References
Finally cleaned up my garage with an awesome bike storage solution (this makes me enormously happy 😊)
The UniFi G4 Pro cameras are now hardwired in (tweet thread here including creating privacy and motion zones)
Underneath the surface facade of success is a huge amount of "invisible" effort...

Weekly Update 190

I went with the "just record it live" approach again this week and honestly, it's working out much better for me. It's easier to publish (no manual retrieval of audio and video from devices, no editing in Premiere, no waiting for upload) and doing it in my office gets almost the same audio and video quality as the "old" way anyway. Plus, I get to interact with people whilst recording so all in all, I'm pretty happy with this approach. Let me know how you find it and if you have any suggestions for improvement, I'll try and do this earlier in the day next Friday to hit the Aus and US friendly time zones rather than Aus and Europe...

Weekly Update 189

Last week, I got the vid out a day late and by early afternoon today it looked like I was heading the same way. So, for the first time I ended up just live streaming it direct to YouTube. I actually quite liked the interaction, although I picked the quietest time in the day with most of the world asleep and obviously the audio quality wasn't the same as sitting in my office but still, not a bad end result I reckon. I decided to sit outside on the boat as in just a few hours from now, our restrictions here will begin lifting and we'll actually be able to head out on it for leisure again. I talk a...

COVIDSafe App Teardown & Panel Discussion

I've written a bunch about COVID-19 contact tracing apps recently as they relate to security and privacy, albeit in the form of long tweets. I'm going to avoid delving into the details here because they're covered more comprehensively in the resources I want to consolidate below, firstly the original thread from a fortnight ago as news of an impending app in Australia was breaking:

"Ok folks, let's talk about the Coronavirus tracking app as news of Australia adopting Singapore's "TraceTogether" gains momentum. I'd willingly run it and I want to explain why because there's also some very valid concerns. Let's begin:" — Troy Hunt (@troyhunt) April 16, 2020...

Weekly Update 188

It's a day late because somehow, even in the current climate, I still find myself with a lot on my plate and the 2am getup yesterday morning didn't leave me much like talking by the usual time I'd record this video came around. Regardless, I haven't missed a week yet and I wasn't going to start today! No great single stories of significance this week but I thought I'd share some insights into how life is gradually returning to a new kind of normal here. We've fared exceptionally well in Australia and I'm conscious many people watching this are in very different situations, this is merely my experience and what my daily life looks like at present.

References
The COVID19 Australia...