Weekly Update 344

I feel like a significant portion of this week's video went to discussing "the Coinbase breach that wasn't a Coinbase breach". There are various services out there that are used by the likes of password managers to alert their customers to new breaches (including HIBP in 1Password) and whoever Dashlane is using frankly, royally cocked up the attribution. What was a garden variety list of email addresses someone had just chucked the "Coinbase" name on had absolutely nothing to do with a breach of the crypto company. It's frustrating to watch, and I suspect that will come through when you watch the video too. See what you think.

Listen on Apple Podcasts
Get it on Google Play
Download via RSS


  1. I take an inordinate amount of pleasure in screwing with scammers / spammers (and judging by the reactions to that thread, so do you! 🤣)
  2. Misattributing a data breach can be a pretty serious issue, and Dashlane's provider incorrectly implicating Coinbase as having been pwned isn't a good look (I'm especially frustrated given how much time I invest doing verification so precisely this doesn't happen!)
  3. Domain searches via API are coming to HIBP! (that's a link to a "started" UserVoice idea, vote there if you'd like to be kept in the loop on progress)
  4. I'm trialling using a Twitter subscription to provide earlier insights into breaches and seek community support in handling and disclosing them (no need to explicitly let me know if that's not of interest, just don't sign up 🙂)
  5. Sponsored by: Kolide ensures only secure devices can access your cloud apps. It's Zero Trust tailor-made for Okta. Book a demo today.
Weekly update
Tweet Post Update Email RSS

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals