Troy Hunt

over 3 years ago · Oslo

Sometimes, life feels like a fairytale. This is now my favourite photo ever ❤️

56

2K

25

80

0

troyhunt retweeted

1 day ago

New breach: Baker Distributing had 103k unique email addresses allegedly exposed after appearing on the ShinyHunters "pay or leak" site. The data was mostly corporate contact info including names, addresses and phones. 50% were already in @haveibeenpwned: https://t.co/PmfWpHKRie

2

22

7

6

7K

1 day ago

Going live with my weekly vid in 10 mins! Have I Been Pwned Passes 1,000 Data Breaches: Join Me for a Commemorative Beer 🍺 https://t.co/QIKdd0e5st

1

5

1

7K

2 days ago

I’ve had so many discussions with breached organisations considering if they should disclose. This is the scenario I always paint: one day, the truth may come out, and you’ll forever be waiting for that day when you’re going to have a *really* serious problem.

TechCrunch

@TechCrunch

3 days ago

Former cyber executive turned whistleblower accuses IBM of covering up several data breaches https://t.co/M33Qnr8fpG

10

154

58

38

58K

1

94

12

9

13K

Who to follow

Check if you have an email address or password that has been compromised in a data breach. Created and maintained by @troyhunt.

Dark Reading

@DarkReading

One of the most widely read and trusted cybersecurity news sites, providing IT security professionals informed insights into the latest news and trends.

Black Hat

@BlackHatEvents

The World's Premier Technical Cybersecurity Conference Series

troyhunt retweeted

3 days ago

New breach: BCD Travel was targeted in a ShinyHunters extortion campaign that published 396k email addresses this week. Other data included name, address, phone, job title and support tickets. 28% were already in @haveibeenpwned. Read more: https://t.co/tY9awopINM

6

25

10

3

8K

4 days ago

This has gotta be the laziest @Mailchimp phish ever: “uh, can you just export your entire mailing list and send it to us?” 🤣

10

148

5

19

20K

troyhunt retweeted

5 days ago

New breach: DentaQuest was targeted by a ShinyHunters extortion campaign that saw 2.6M unique email addresses published last weekend. Data also included name, phone, address and for some records, Medicaid ID. 66% were already in @haveibeenpwned. More: https://t.co/AG1wWFCIYj

1

25

7

2

7K

6 days ago

The free gov program at @haveibeenpwned keeps expanding! Today, we welcome our 46th government: the Philippines 🇵🇭 Their National CERT is now using HIBP to help protect government departments, public resources and the people behind them. https://t.co/ezsXdYDnWS

0

85

10

21

8K

7 days ago

Weekly update is up! Breach Week: 7-Eleven; Ameriprise; Mytheresa; Kemper; Charter; The Data Breach Disclosure Lag; Welcoming the Bhutanese Government https://t.co/15ZtVut7ex

0

6

0

4K

7 days ago

@keenthinker @haveibeenpwned Because anyone has been on the internet for a while easily has 100+ accounts. Get 1% of those breached each year and the numbers stack up real fast.

0

2

0

127

7 days ago

That's a massive milestone - 1,000 breaches processed in @haveibeenpwned - and it got me wondering why the service is still needed? But you don't have to look far to see why: https://t.co/4NBrmga6u9

10

90

22

12

11K

7 days ago

@maxsec @c4i @haveibeenpwned Yeah, more a milestone than a celebration I think

0

4

0

100

7 days ago

1,000 data breaches later 😮

7 days ago

New breach: Edmunds was listed by ShinyHunters as allegedly breached in Jan, with the data later published online. It contained 178k unique email addresses, usernames, IP addresses, phone numbers and passwords. 91% were already in @haveibeenpwned. More: https://t.co/zoS1LXeN1G

1

29

10

2

16K

2

27

3

1

9K

troyhunt retweeted

7 days ago

New breach: Edmunds was listed by ShinyHunters as allegedly breached in Jan, with the data later published online. It contained 178k unique email addresses, usernames, IP addresses, phone numbers and passwords. 91% were already in @haveibeenpwned. More: https://t.co/zoS1LXeN1G

1

29

10

2

16K

troyhunt retweeted

9 days ago

New breach: The Atlas Menu GTA V and CS2 cheat service had 64k accounts breached yesterday. Data includes email and IP addresses, usernames, passwords stored as bcrypt hashes and support tickets. 49% were already in @haveibeenpwned. Read more: https://t.co/rBW20cB1EH

2

50

15

6

11K

10 days ago

Going live with my weekly vid in 15 mins! Breach Week: 7-Eleven; Ameriprise; Mytheresa; Kemper; Charter; The Data Breach Disclosure Lag; Welcoming the Bhutanese Government https://t.co/BLRGqdfXHo

1

5

0

1

6K

10 days ago

@fortinho Yep, that’s a fair assessment

0

8

0

544

10 days ago

Aw, I got the SendGrid Pride phish! Four times, to,different (fairly public) addresses.

6

178

13

23

18K

10 days ago

@thetomaspatera LOL, you can just picture the demographic they’re targeting 🤣

0

14

0

564

troyhunt retweeted

11 days ago

New breach: Charter Communications was named in a ShinyHunters "pay or leak" extortion campaign last week after which 4.9M unique email addresses along with name, phone number and physical address were published. 68% were already in @haveibeenpwned. More: https://t.co/gS1ouS5doI

2

35

16

5

9K

11 days ago

That’s 5 weeks where most people in there had no idea their personal info had been obtained by criminals then broadly distributed to other criminals! Privacy regs aren’t fixing this and anecdotally, the disclosure lag is worse than ever, especially with these extortion incidents.

1

5

0

2K

11 days ago

35 days ago, the Carnival data was published by ShinyHunters. Clearly, the company knew about it at the time (that’s how extortion works, plus the comment in the linked article) but at the time, I couldn’t find any disclosure notice, just the comment to press.

about 2 months ago

New breach: Cruise operator Carnival was targeted in a ShinyHunters “pay or leak” attack last week. 8.7M records with 7.5M email addresses and loyalty program data were published yesterday. 85% were already in @haveibeenpwned. Read more: https://t.co/QhqNt0WucV

7

87

35

10

31K

2

18

1

2

13K