Weekly Update 398

How many different angles can you have on one data breach? Facial recognition (which probably isn't actual biometrics), gambling, offshore developers, unpaid bills, extortion, sloppy password practices and now, an arrest. On pondering it more after today's livestream, it's the unfathomable stupidity of publishing this data publicly that really strikes me. By all means, have contractual disputes, get lawyers involved and showdown in the courts if you need to, but take data in this fashion and chuck it up online and you're well into criminal territory. It's just nuts, and I suspect there's a lot more yet to play out in this saga.

Listen on Apple Podcasts
Get it on Google Play
Download via RSS


  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. Outabox - where do I even begin with this one?! (that's a link to the tweet thread, stay tuned for more there)
  3. Qantas wasn't breached in any sort of malicious fashion, but they've still had a breach (looks like a classic cache key cock-up to me)
  4. Did Bandcamp really email people with their passwords mail-merged into where their name should be? (no, but someone accidentally put their password in the username field and it then appeared in the mail merge... which is also funny 🤣)
Weekly update
Tweet Post Update Email RSS

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals