Weekly Update 383

They're an odd thing, credential lists. Whether they're from a stealer as in this week's Naz.API incident, or just aggregated from multiple data breaches (which is also in Naz.API), I inevitably get some backlash after loading them: "this doesn't tell me anything useful, why are you loading this?!" The answer is easy: because that's what the vast majority of people want me to do:

Spam lists are the same kettle of fish in that once you learn you're in one, I can't provide you any further info about where it came from and there's no recourse available to you. You're just in there, good luck! And if you do find yourself in one of these lists and are unhappy not that you're in there, but rather that I've told you you're in there, you have 2 easy options:

  1. Ignore it
  2. Unsubscribe

Or, if you've come along to HIBP, done a search and then been unhappy with me, my guitar lessons blog post is an entertaining read 😊

That's all from Europe folks, see you from the sunny side next week!

Listen on Apple Podcasts
Get it on Google Play
Download via RSS


  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. The Naz.API stealer logs and credential stuffing lists got a lot of attention (big shout out to the folks angry that I wouldn't either store truck loads of plain text passwords for them or link them through to the original breach of everyone's personal info 🤦‍♂️)
  3. Couple of phillips head screws through a laptop will stop it from disappearing (and if your takeaway is the correct identification of the laptop make, you're kinda missing the point...)
Weekly update
Tweet Post Update Email RSS

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals