Have I Been Pwned

A 159-post collection

Welcoming the Finnish Government to Have I Been Pwned

Today I'm very happy to welcome the Finnish government to Have I Been Pwned by granting their National Cyber Security Centre full and free access to query their government domains. API access to query their domains will give them greater visibility into the impact of data breaches on the Finnish government. Finland is now the 5th Nordic country and 21st national CERT to be onboarded with many more from around the globe to be announced shortly....

Nameless Malware Discovered by NordLocker is Now in Have I Been Pwned

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP). Firstly by the Estonian Central Criminal Police a few years ago, then by the FBI and global counterparts this April and now, in the third such case, by NordLocker. (Full disclosure: I'm a strategic advisor for NordVPN who shares the same parent company.) NordLocker has written about the nameless malware that stole 1.2 TB of private data and the first sentence sets the scene: Between 2018 and 2020, a custom Trojan-type malware infiltrated over 3 million Windows-based computers and stole 1.2 terabytes (TB) of personal informationNordLocker goes into...

Expanding the Have I Been Pwned Volunteer Community

Ever notice how there was a massive gap of almost 9 months between announcing the intention to start open sourcing Have I Been Pwned (HIBP) in August last year and then finally a couple of weeks ago, actually taking the first step with Pwned Passwords? Many people certainly noticed the time because I kept getting asked when it was actually going to happen. With the best of intentions, people wondered why I hadn't just done it already because hey, this was going to make my life easier, right? Uh, no. Along with a heap of other moving parts I needed to get on top of before starting to open up code, one thing that kept me up at night was...

Welcoming the Uruguayan Government to Have I Been Pwned

This week as part of the ongoing initiative to make breach data available to national governments, I'm very happy to welcome the national CERT of Uruguay, CERTuy. They are now the 2nd Latin American country and 20th country worldwide to have free and easy API level access to all their government domains. I'm going to continue onboarding governments as they reach out and ask for access, my hope being that greater visibility to the impact of data breaches helps minimise the disruption they cause to government departments across the globe....

Welcoming the Belgian Government to Have I Been Pwned

Supporting national CERTs with free API domain searches across their assets is becoming an increasing focus for Have I Been Pwned and today I'm happy to welcome the 19th government on board, Belgium. As of now, the Centre for Cyber Security Belgium (CCB) has full access to query all their gov domains and gain deeper visibility into the impact of data breaches on their departments. Extending HIBP's reach to more governments around the world helps amplify the usefulness of the project and I look forward to welcoming many more national CERTs in the future....

Welcoming the Dominican Republic Government to Have I Been Pwned

Continuing with the launch of the Have I Been Pwned Domain Search API to national government cyber agencies, I am very happy to welcome the first Latin American country on board, the Dominican Republic. Their National Cybersecurity Incident Response Team (CSIRT-RD) is the 18th national CERT that has free and open access to domain inquiries across all of its government assets. Each of these announcements results in a large number of additional government requests. I will continue to welcome new national CERTs on a regular cadence and look forward to seeing many other parts of the world represented in the future....

Pwned Passwords, Open Source in the .NET Foundation and Working with the FBI

I've got 2 massive things to announce today that have been a long time in the works and by pure coincidence, have aligned such that I can share them together here today. One you would have been waiting for and one totally out of left field. Both these announcements are being made at a time where Pwned Passwords is seeing unprecedented growth: Getting closer and closer to the 1B requests a month mark for @haveibeenpwned's Pwned Passwords. 99.6% of those have come direct from @Cloudflare's cache too 😎 pic.twitter.com/zRRbkhT27P — Troy Hunt (@troyhunt) May 27, 2021 That's significant because the sheer volume of requests greatly amplifies the effectiveness of the announcements below. So,...

Welcoming the Trinidad & Tobago Government to Have I Been Pwned

Today I'm very happy to welcome the first Caribbean government to Have I Been Pwned, Trinidad & Tobago. As of today, the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) has full and free access to query their government domains and gain visibility into where they've impacted by data breaches. This brings the number of governments to be onboarded to HIBP to 17 and I look forward to welcoming more in the near future....

Welcoming the Swedish Government to Have I Been Pwned

Today I'm very happy to welcome the 16th government to Have I Been Pwned, Sweden. The Swedish National Computer Security Incident Response Team CERT-SE now has full and free access to query all government domains via HIBP's API and gain insights into the impact of data breaches on their government departments. Sweden is now the 4th Scandinavian country I've welcomed onto HIBP and I hope to see many more from other parts of the world join in the future....

Welcoming the Romanian Government to Have I Been Pwned

Today I'm very happy to announce the arrival of the 15th government to Have I Been Pwned, Romania. As of now, CERT-RO has access to query all Romanian government domains across HIBP and subscribe them for future notifications when subsequent data breaches affect aliases on those domains. Romania joins a steadily growing number of governments across the globe to have free and unrestricted access to API-based domain searches for their assets in HIBP. You can read more about government access in the initial post from 2018....