#HaveiBeenPwned

knoppix knoppix95
2025-05-23

HIBP 2.0 (Have I Been Pwned) has launched with a redesigned interface, improved search features, and a new Breach Page that provides incident details and recovery tips.

Users can now receive breach notifications, and domain search has been enhanced. Support for usernames and phone numbers has been removed.

My personal advice: never disclose passwords online.

cybernews.com/tech/troy-hunt-l

Abimelech B. 🐧🇩🇪| wörk ™️ abimelechbeutelbilch@fulda.social
2025-05-21

Someone seems to have carried data out of #spotify - or why else have I recently been getting targeted #phishing mails along the lines of "Update your payment method to keep your Spotify subscription" on an email address used for exactly this and no other purpose? 🤬
#haveibeenpwned has no info on this yet 🤷🏻‍♂️

2025-05-20

Troy Hunt: Have I Been Pwned 2.0 is Now Live!. “Feb last year is when I made the first commit to the public repo for the rebranded service, and we soft-launched the new brand in March of this year. Over the course of this time, we’ve completely rebuilt the website, changed the functionality of pretty much every web page, added a heap of new features, and today, we’re even launching a merch […]

https://rbfirehose.com/2025/05/20/troy-hunt-have-i-been-pwned-2-0-is-now-live/

N-gated Hacker News ngate
2025-05-19

🎉 Hooray! After just a *casual* 15-month sprint, Troy Hunt has finally unleashed Have I Been Pwned 2.0 upon the world, complete with a merch store, because nothing says "cybersecurity" like a T-shirt. 🤦‍♂️ Just imagine all those hackers trembling at the sight of your new branded mug. ☕💻
troyhunt.com/have-i-been-pwned

2025-05-19

Have I Been Pwned 2.0 is Now Live! - Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get ... troyhunt.com/have-i-been-pwned #haveibeenpwned

2025-05-08

After the Breach: Finding new Partners with Solutions for Have I Been Pwned Users - Presently sponsored by: Join Snyk's May 15th event to discover how to establish a ... troyhunt.com/after-the-breach- #haveibeenpwned

2025-05-02

Password management

Password awareness day. @jevalideca shares a complete, but really complete, tutorial so that you never again have to worry about weak, lost, forgotten or duplicate passwords…

This is not a disguised sales pitch. It is a complete training course, equivalent to 79 printed pages!

It's not complete, no, no, no...
It's SUPERHYPERCOMPLETE (I know this word doesn't exist, but hey, we're not going to CHIPOLATA or MERGUEZ 🌭 over it, are we... it's spring, the birds are singing, the flies are farting and everyone is happy 😜).

I particularly appreciated the section "Dictionaries of common passwords":
jevalide.ca/pleineconfiance/ge

As for the 100000 most common passwords on #HaveIbeenPwned on the NCSC site, here is the answer:
"Sorry - the page you're looking for has been removed"

Well, that's not all, but I still have some reading to do 👀 📖

#KeepassXC #Bitwarden #Password #Cybersecurity #securite #DonnéesPersonnelles #Privacy #RegainPrivacy #Linux #OpenSource

Photo by Miguel Á. Padriñán: https://www.pexels.com/fr-fr/photo/impression-numerique-blanche-et-rouge-2882630/

2025-05-02

The Have I Been Pwned Alpine Grand Tour - Presently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, an... troyhunt.com/the-have-i-been-p #haveibeenpwned

2025-05-01

Welcoming The Gambia National CSIRT to Have I Been Pwned - Presently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, an... troyhunt.com/welcoming-the-gam #haveibeenpwned #government

Bryley Systems bryley
2025-04-24

Looked like MailChimp ... let Troy Hunt's over-riding give us pause next time: ‘does over-riding the password manager really make sense?’ [1 hr. video] bryl.link/13f

2025-04-20

TIL if you generate and store all even faintly possible IPv4 IPs - 0.0.0.0 through 255.255.255.255 - as ASCII strings ... it takes about 58GB.

This is a #HaveIBeenPwned subtoot. 😜

#PasswordCracking

Redacted screenshot of cracking results against public HIBP hashes, in hash:plain potfile format. Hashes are redacted. Plaintexts show a pattern of a very common password, a space, the string 'http', and then the beginning of an IP address. The right-hand side of the image is truncated, so that only the beginnings of the IPs are shown.

Also, it should be immediately obvious that, despite their presence in the HIBP corpus, the likelihood of these plaintexts -- the result of bad parsing of infostealer data -- would *ever* be chosen by a real person approaches zero, which makes the value of using them to check for password reuse also approach zero.

2025-04-16

I typically get phishing emails to my email addresses that are public-showing. It's to be expected.

But I just got one to an email I use only when purchasing or signing up for free plug-in services, almost all WordPress and plenty of them.

So it would seem there has been a breach, but I haven't been notified and I don't see it on #HaveIBeenPwned.

There's a decent chance I've made a purchase with a debit card.

Yeah that's cool.

#infosec

2025-04-07

Proving data protection violations with haveibeenpwned – court recognizes evidentiary value for GDPR violations
The OLG Dresden (Dresden Higher Regional Court) accepts extracts from haveibeenpwned as proof of data protection violations. Those affected can thus … loss of control
kanzlei-kramarz.de/datenschutz
#Datenschutz #DerAnwaltsBlogVonRechtsanwaltKramarz #ITRecht #datenschutzverletzung #DSGVO #HaveIBeenPwned #nachweis

Karl Voit :emacs: :orgmode: publicvoit@graz.social
2025-03-26

#TroyHunt fell for a #phishing attack on his mailinglist members: troyhunt.com/a-sneaky-phish-ju

Some of the ingredients: #Outlook and its habit of hiding important information from the user and missing #2FA which is phishing-resistant.

Use #FIDO2 with hardware tokens if possible (#Passkeys without FIDO2 HW tokens are NOT phishing-resistant due to the possibility of being able to trick users with credential transfers: arxiv.org/abs/2501.07380) and avoid Outlook (or #Microsoft) whenever possible.

Further learning: it could happen to the best of us! Don't be ashamed, try to minimize risks and be open about your mistakes.

Note: any 2FA is better than no 2FA at all.

#email #malware #security #OTP #TOTP #Passkey #haveibeenpwned #Ihavebeenpwned

☮ ♥ ♬ 🧑‍💻 peterrenshaw@ioc.exchange
2025-03-26

“Infosec veteran Troy Hunt of #HaveIBeenPwned fame is notifying thousands of people after phishers scooped up his #Mailchimp mailing list.

He said the list comprises around 16,000 records and every active #subscriber will be receiving a notification and apology #email soon. …

Around half of these records (7,535), however, pertain to individuals who had #unsubscribed from the list”

#InfoSec / <theregister.com/2025/03/25/tro>
