Operation Endgame 2: 15 Millionen E-Mail-Adressen und 43 Millionen Passwörter | Security https://www.heise.de/news/Operation-Endgame-2-15-Millionen-E-Mail-Adressen-und-43-Millionen-Passwoerter-10396199.html #HaveIBeenPwned #Malware #Ransomware #Hacking #CyberCrime #Bumblebee #Latrodectus #Qakbot #DanaBot #HijackLoader #Warmcookie #Trickbot #Prolock #Doppelpaymer #REvil #Conti #BlackBasta #Cactus #OperationEndgame2

HIBP 2.0 (Have I Been Pwned) has launched with a redesigned interface, improved search features, and a new Breach Page that provides incident details and recovery tips.

Users can now receive breach notifications, and domain search has been enhanced. Support for usernames and phone numbers has been removed.

My personal advice: never disclose passwords online.

https://cybernews.com/tech/troy-hunt-launches-hibp-2-0-data-breach-search-engine/

#DataBreach #Cybersecurity #HIBP #HaveIBeenPwned #Privacy #Security #Password #PasswordSecurity

#HaveIBeenPwned 2.0: Mehr Geschwindigkeit & Konfetti 🎉 | heise online https://www.heise.de/news/Have-I-Been-Pwned-2-0-Mehr-Geschwindigkeit-Konfetti-10391118.html #HIBP

Bei #spotify scheint jemand Daten rausgetragen zu haben - oder warum bekomme ich auf genau für diese und keinen anderen Zweck genutzte Emailadresse seit kurzem zielgerichtet #phishing Mails ala "Aktualisieren Sie Ihre Zahlungsmethode, um Ihr Spotify-Abo beizubehalten"? 🤬
#haveibeenpwned hat dazu noch keine Info 🤷🏻‍♂️

Troy Hunt: Have I Been Pwned 2.0 is Now Live!. “Feb last year is when I made the first commit to the public repo for the rebranded service, and we soft-launched the new brand in March of this year. Over the course of this time, we’ve completely rebuilt the website, changed the functionality of pretty much every web page, added a heap of new features, and today, we’re even launching a merch […]

https://rbfirehose.com/2025/05/20/troy-hunt-have-i-been-pwned-2-0-is-now-live/

🎉 Hooray! After just a *casual* 15-month sprint, Troy Hunt has finally unleashed Have I Been Pwned 2.0 upon the world, complete with a merch store, because nothing says "cybersecurity" like a T-shirt. 🤦‍♂️ Just imagine all those hackers trembling at the sight of your new branded mug. ☕💻
https://www.troyhunt.com/have-i-been-pwned-2-0-is-now-live/ #HackerNews #Cybersecurity #HaveIBeenPwned #TroyHunt #MerchLaunch #HackerNews #ngated

Have I Been Pwned 2.0 is Now Live! - Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get ... https://www.troyhunt.com/have-i-been-pwned-2-0-is-now-live/ #haveibeenpwned

After the Breach: Finding new Partners with Solutions for Have I Been Pwned Users - Presently sponsored by: Join Snyk's May 15th event to discover how to establish a ... https://www.troyhunt.com/after-the-breach-finding-new-partners-with-solutions-for-have-i-been-pwned-users/ #haveibeenpwned

Gestion des mots de passe

La journée de sensibilisation aux mots de passe. @jevalideca partage un tutoriel complet, mais vraiment complet, pour ne plus jamais avoir à te soucier de mots de passe faibles, perdus, oubliés ou en double…

Ce n'est pas un pitch de vente déguisé. C'est une formation complète, équivalent à 79 pages imprimées !

Il n'est pas complet, non, non, non...
Il est SUPERHYPERCOMPLET (Je sais ce mot n'existe pas, mais bon, on ne va pas CHIPOLATER ou MERGUEZER 🌭 dessus hein... c'est le printemps, les oiseaux chantent, les mouches pètent et tout le monde est heureux 😜).

J'ai tout particulièrement apprécié la partie "Les dictionnaires de mots de passe fréquents" :
https://jevalide.ca/pleineconfiance/gestion-des-mots-de-passe/#les-dictionnaires-de-mots-de-passe-fr-quents

Pour ce qui est des 100000 mots de passe les plus fréquents sur #HaveIbeenPwned le site NCSC, voici la réponse :
"Sorry - the page you're looking for has been removed"

Bon ce n'est pas tout, mais j'ai encore de la lecture 👀 📖

#KeepassXC #Bitwarden #Password #Cybersecurity #securite #DonnéesPersonnelles #Privacy #RegainPrivacy #Linux #OpenSource

https://jevalide.ca/pleineconfiance/gestion-des-mots-de-passe/

Photo de Miguel Á. Padriñán

The Have I Been Pwned Alpine Grand Tour - Presently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, an... https://www.troyhunt.com/the-have-i-been-pwned-alpine-grand-tour/ #haveibeenpwned

Welcoming The Gambia National CSIRT to Have I Been Pwned - Presently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, an... https://www.troyhunt.com/welcoming-the-gambia-national-csirt-to-have-i-been-pwned/ #haveibeenpwned #government

Looked like MailChimp ... let Troy Hunt's over-riding give us pause next time: ‘does over-riding the password manager really make sense?’ [1 hr. video] https://bryl.link/13f #haveibeenpwned #security #breaches

TIL if you generate and store all even faintly possible IPv4 IPs - 0.0.0.0 through 255.255.255.255 - as ASCII strings ... it takes about 58GB.

This is a #HaveIBeenPwned subtoot. 😜

#PasswordCracking

I typically get phishing emails to my email addresses that are public-showing. It's to be expected.

But I just got one to an email I use only when purchasing or signing up for free plug-in services, almost all WordPress and plenty of them.

So it would seem there has been a breach, but I haven't been notified and I don't see it on #HaveIBeenPwned.

There's a decent chance I've made a purchase with a debit card.

Yeah that's cool.

#infosec

#HaveIBeenPwned: 216.000 von #Samsung geklaute Datensätze integriert | Security https://www.heise.de/news/Have-I-Been-Pwned-270-000-von-Samsung-geklaute-Datensaetze-integriert-10350827.html #DataLeak #Datenleck #DataBreach #Datenschutz #privacy #Spectos #hibp

Datenschutzverletzungen nachweisen mit haveibeenpwned – Gericht erkennt Belegkraft bei DSGVO-Verstößen an
Das OLG Dresden erkennt Auszüge von haveibeenpwned als Nachweis für Datenschutzverletzungen an. Betroffene können so Kontrollverlust
https://kanzlei-kramarz.de/datenschutzverletzungen-nachweisen-mit-haveibeenpwned-gericht-erkennt-belegkraft-bei-dsgvo-verstoessen-an/
#Datenschutz #DerAnwaltsBlogVonRechtsanwaltKramarz #ITRecht #datenschutzverletzung #DSGVO #HaveIBeenPwned #nachweis

Security Expert Troy Hunt Lured in by Mailchimp Phish

https://www.darkreading.com/cyberattacks-data-breaches/security-expert-troy-hunt-lured-mailchimp-phish

#phishing #Cybersecurity #TroyHunt #HaveIBeenPwned #mailchimp

Passiert auch Profis: Gründer von #HaveIBeenPwned fällt auf #Phishing-Mail rein

https://www.golem.de/news/passiert-auch-profis-gruender-von-haveibeenpwned-faellt-auf-phishing-mail-rein-2503-194732.html

#HIBP

#TroyHunt fell for a #phishing attack on his mailinglist members: https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/

Some of the ingredients: #Outlook and its habit of hiding important information from the user and missing #2FA which is phishing-resistant.

Use #FIDO2 with hardware tokens if possible (#Passkeys without FIDO2 HW tokens are NOT phishing-resistant due to the possibility of being able to trick users with credential transfers: https://arxiv.org/abs/2501.07380) and avoid Outlook (or #Microsoft) whenever possible.

Further learning: it could happen to the best of us! Don't be ashamed, try to minimize risks and be open about your mistakes.

Note: any 2FA is better than no 2FA at all.

#email #malware #security #OTP #TOTP #Passkey #haveibeenpwned #Ihavebeenpwned

“Infosec veteran Troy Hunt of #HaveIBeenPwned fame is notifying thousands of people after phishers scooped up his #Mailchimp mailing list.

He said the list comprises around 16,000 records and every active #subscriber will be receiving a notification and apology #email soon. …

Around half of these records (7,535), however, pertain to individuals who had #unsubscribed from the list”

#InfoSec / <https://theregister.com/2025/03/25/troy_hunt_mailchimp_phish/>