Other users' data can still be queried via a public #API at #DuoLingo: https://blackowlintelligence.com/osint/4
This data was scraped en masse some time ago; it can be looked up at #TroyHunt
https://www.borncity.com/blog/2023/08/24/duolingo-leck-mit-26-millionen-nutzerdatenstze-prfung-auf-have-i-been-pawned-mglich/
#hibp
See, now, shit like this is why I assume at this point that pretty much all of my info is out there. "Protect your PII" is not a viable strategy for avoiding identity theft, fraud, phishing, etc.
I do still search data broker sites and get my data taken down wherever I can, just to minimize harm, but I don't hold any illusions about that being a complete fix.
Lock or freeze your credit reports, people.
#privacy #infosec #HIBP @troyhunt
Do you want @haveibeenpwned breaches for all your domains directly in Splunk? Now you can!
Introducing the Have I Been Pwned Domain Search app for Splunk.
https://splunkbase.splunk.com/app/6996
Very special thanks to @troyhunt for his work on HIBP, releasing the Domain Search API last weekend, and collaborating with me on some additional endpoints and rate limiting.
https://www.troyhunt.com/all-new-have-i-been-pwned-domain-search-apis-and-splunk-integration/
The BreachForums database is for sale and Have I Been Pwned (HIBP) has certified its authenticity
The #cybercrime #forum #Breached (alias #BreachForums), widely known for its illegal activities, was recently breached. The #forum's #database is for sale and the #data on its participants has been passed to the Have I Been Pwned service (#HIBP).
Share this post if you found the news interesting.
#redhotcyber #online #it #web #ai #hacking #privacy #cybersecurity #cybercrime #intelligence #intelligenzaartificiale #informationsecurity #ethicalhacking #dataprotection #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #infosecurity
Have-I-been-pwned: 2 million records from transfer service #Terravision added | Security https://www.heise.de/news/Flughafentransferdienst-Terravision-Ueber-2-Millionen-Datensaetze-kompromittiert-8976701.html #Datenschutz #privacy #HIBP #DataLeak #Datenleck #CyberCrime
Since I have an Amazon-only email address on that account which has never seen any hints of leakage to non-AMZN entities (including #HIBP) I’m not too concerned. I’d bet that those ghost sessions were un-logged-off browser sessions orphaned by cookie-cutting. It’s a bit disconcerting that they wouldn’t show them to me.
(Going now to switch the 2FA from SMS to TOTP)
@schenklklopfer @343max I also find many features in XC considerably better than in Keepass(X). Finding weak passwords, #hibp, favicon, Autotype. The Android app isn't all that convenient, but good overall. I've been using it for years and am very satisfied 👌🏻
go-hibp v1.0.6 has just been released, introducing support for NTLM hashes in the PwnedPassAPI (see the announcement by Troy Hunt: https://s.pebcak.de/@troyhunt@infosec.exchange/109833758367903768)
I have at least 35 Twitter accounts (lol) because I start a lot of silly projects and only one - my main personal hypatiadotca account - got a @haveibeenpwned notification today about being included in the breach dump 🤔
These accounts are as old as 2009 and as new as Nov 2022 (though I understand that the breach set is from 2021).
#twitterbreach #twitter #security #databreach #HaveIBeenPwned #hibp
Funny to see all the breaches added to #HIBP via its RSS-feed. Latest breach added: #deezer from 2019 with 229,037,936 accounts.
This is the feed if you want to follow, too:
https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches
go-hibp v1.0.5 has just been released, fixing and improving the error handling. :golang: :gopher:
This is really cool, I was looking for exactly this, searching offline!
Has your password been pwned? Or, how I almost failed to search a 37 GB text file in under 1 millisecond (in Python) - death and gravity
https://death.andgravity.com/pwned
Why #Ransomware when an #extortion email is enough?
Criminals demand a ransom by email for an alleged hack of the company server. Troy Hunt of #HIBP has also received such a letter. ...
#kriminalitat #ransomware #erpresser #hibp
The Have I Been Pwned API now has different rate limits & billing. I'll let Troy explain it: https://www.troyhunt.com/the-have-i-been-pwned-api-now-has-different-rate-limits-and-annual-billing/
#security #hibp #identity #databreach
S3 Ep35: Apple chip flaw, Have I Been Pwned, and Covid tracker trouble [Podcast] - Latest episode - listen now! https://nakedsecurity.sophos.com/2021/06/03/s3-ep35-apple-chip-flaw-have-i-been-pwned-and-covid-tracker-trouble-podcast/ #nakedsecuritypodcast #gdprcompliance #vulnerability #compliance #law&order #dataloss #podcast #privacy #apple #gdrp #hibp #m1
“Have I Been Pwned” breach site partners with… the FBI! - If your password gets stolen as part of a data breach, you'll probably be told. But what ... https://nakedsecurity.sophos.com/2021/06/02/have-i-been-pwned-breach-site-partners-with-the-fbi/ #haveibeenpwned #databreach #law&order #password #privacy #pwned #hibp #fbi
@MaSven
api.pwnedpasswords.com is a #CloudFlare site. It wouldn't make any sense to do the #HIBP check on a new pw.
CloudFlare sees *unhashed* passwords because the hashing is done on the server side. The passwords are not in-the-clear, but CF still sees them of course b/c CF is where the tunnel terminates. It's CF's tunnel & CF's SSL keys.
@infosechandbook@chaos.social