Yesterday — October 25th 2025, Security

Weekly Update 475

It was the Synthient threat data that ate most of my time this week, and it continues to do so now, the weekend after recording this video. Data like this is equal parts enormously damaging to victims and frustratingly noisy to process. I have to be confident enough that it's new enough, legit enough and impactful enough to justify loading and that the value presented to breach victims sufficiently offsets the inevitable chorus of "what am I meant to do with this, tell me exactly what password was exposed for my record". It's an expensive exercise too; we're currently running an Azure SQL Hyperscale database at 80 cores to analyse the ~2 billion credential stuffing email addresses in this corpus. That's 2 billion unique email addresses too 😮 More on that in the next video, let's just work out if it's going to go live in the system first.

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. We poured 183M email addresses from Synthient's threat data collection into HIBP (over 16M of those hadn't been seen by us before)
  3. We're now up to well over 17 billion monthly queries on Pwned Passwords (every month seems to add another billion... or so)
  4. I've had loads of good feedback on the PC build Gist (I've now sent that to a couple of local builders, I'll share the results)

Weekly Update 474

You're not going to believe this - the criminals that took the Qantas data ignored the injunction 😮 I know, I know, we're all a bit stunned that making crime illegal hasn't appeared to stop it, but here we are. Just before the time of writing, I was contacted by someone who received a breach alert from a similar service to HIBP in another part of the world and while it didn't explicitly say "Qantas" (side note: I hate it when other services redact the name), it sure as hell sounded like them based on the description and timing. So, good guys have it, bad guys definitely have it, but we don't have it. Everything goes a bit topsy-turvy once the lawyers get involved...

Oh, and apologies for the audio being a couple of seconds out of sync with the video. Something obviously glitched after a Windows update and reboot. Hope you enjoy listening anyway.

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. I ended up posting a Gist with the overview of what I'm looking for in a new PC (jump over there and chime in, I'd love your input)
  3. Vietnam Airlines was a breach within the Scattered LAPSUS$ Hunters data we could process (and it sounds like there were more people impacted by that than Qantas)
  4. If you bought erectile dysfunction pills from Hello Cake, you may be in this one (I've flagged this as "sensitive", so you'll need to sign into your dashboard to see it)
  5. The breach that Prosper lending disclosed earlier last month turned up (quite sizable at 17.6M addresses and quite sensitive info too)

Weekly Update 473

This week's video was recorded on Friday morning Aussie time, and as promised, hackers dumped data the following day. Listening back to parts of the video as I write this on a Sunday morning, pretty much what was predicted happened: data was dumped, it included Qantas, and the injunction did nothing to stop it. I knew that in advance, and I'm also certain Qantas did too, but that hasn't stopped their messaging from implying the contrary:

This wording remains worrying: "we have an ongoing injunction in place to prevent the stolen data being accessed, viewed, released, used, transmitted or published" Clearly, this hasn't "prevented" the release and broad distribution of the data. More: https://t.co/SiuMqDlyHB

— Troy Hunt (@troyhunt) October 12, 2025

I'll save more for the next weekly vid as there's a lot to unpack, suffice to say that since this recording, I've been rather busy with media commentary, including explaining how the data is now out there, it's not just on "the dark web", we don't have it, but the bad guys definitely do.

References

  1. Sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing
  2. I've got an ongoing X thread I'm adding to as news of the Scattered LAPSUS$ Hunters breaches breaks (I'm sure there'll be many more additions to it yet)
  3. Thoughts, prayers and court injunctions after a data breach (they're all as effective as each other, as has now been demonstrated)

Weekly Update 472

This probably comes through pretty strongly in this week's video, but I love the vibe at CERN. It's a place so focused on the common good of science that all the other cultural attributes that often put people at odds these days fade into the distance. That hit me more than it did on my last visit in 2019, perhaps because of the world events of late that have become so divisive. So, I'm exceptionally happy to give CERN the same level of access to HIBP data as we have the dozens of other national governments that use the service, hear all about that and more in this week's vid:

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. We've onboarded CERN to HIBP (they become the 41st government - that's not just a single government - to join the service)
  3. The Latest Pilot Jobs breach went into HIBP (unsalted MD5 password hashes 😬)
  4. HomeRefill from Brazil also made its HIBP debut (the site is now defunct, but the data breach will live on forever)

Weekly Update 471

I'm so happy to finally be getting those HIBP demos out! The first couple are simple, but as I say in this week's vid, it's the simple questions we're still dealing with. As if to taunt me (or prove my point), we got this ticket just a couple of hours ago:

I'm looking at 10-12k api calls per year. Do you have a custom package that will fit this range?

Now, let's see what happens if you drop that exact text into the chatbot on support.haveibeenpwned.com:

[Screenshot of the support chatbot's response]

There's literally a dedicated KB article about this! In fact, I wrote it only yesterday, yet here we are. Which perhaps says that putting the exact answers people need out there won't actually save us from support queries like this anyway... 🤔

References

  1. Sponsored by: Oh Dear: All-in-one website monitoring with security alerts for DNS & certificate changes. 10-day free trial. Keep your sites secure!
  2. We got our first HIBP demo up last week on how to do domain searches (it's pretty straightforward, but as I was saying...)
  3. The next HIBP demo covers the API and introduces the free test key (anyone can now start immediately writing code against the API with no need for a subscription)
  4. Bouygues Telecom's breach from last month made its way into HIBP (5.7M unique email addresses is fairly sizeable)
  5. Keeping with the French theme, Cultura also made its way in (it's older, dating back to a year ago, and another 1.5M addresses in there)

Weekly Update 470

Imagine jumping on board a class action after your precious datas have been breached, then sticking through it all the way until a settlement is reached. Then, finally, after a long and arduous battle, cashing in and getting... $1. Well, kinda $1, the ParkMobile class action granted up to $1 for successful claimants. But wait - there's more - because you can't spend it all at once, instead you get it in $0.25 whacks. Oh - and you don't actually get any cash either, instead you get credit for your next parking. And you've gotta use it all within about the following year, unless you're in California, where you can ride that sweet, sweet 4 x 25c gravy train for as long as you want. Meanwhile, instead of prioritising victims, breached companies lawyer up quickly in an attempt to head off later actions like these 🤷‍♂️

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device
  2. The ParkMobile data breach class action payout was... (well, you've already read the intro text above)
  3. You know who makes money out of data breach class actions? (spoiler: lawyers)
  4. The Swedish system supplier Miljödata had their ransomed and dumped data loaded into HIBP (870k Swedes exposed in that one)
  5. The FreeOnes forum data breach from years ago also found its way into HIBP (maybe don't check that website while you're in the office...)

Weekly Update 469

So I had this idea around training a text-to-speech engine with my voice, then using that to speak over the Sonos at home to announce AI-driven events, such as people ringing the doorbell. A few hours' worth of video from these weekly updates fed into ElevenLabs and wammo! Here you go:

Oh yeah! Now *this* is cool! Or freaky 🤔 Doorbell by @Ubiquiti, voice by @elevenlabsio and orchestration by @home_assistant. It's an evolution of this post: https://t.co/qwN64UJqWy pic.twitter.com/dMrD9hPT4J

— Troy Hunt (@troyhunt) September 12, 2025

As an unexpected bonus, it's totally freaking the family out 🤣 But it does make you think about both the potential for good and for abuse. The latter is kinda mind-boggling when you get to thinking more about it...

References

  1. Sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing
  2. Just before posting this, I finally finished off the Prusa Core One build and calibration (the latter did consume a lot more time than expected, but we got there in the end)
  3. We're now well past 16 billion monthly requests on Pwned Passwords (with a tasty 99.99% cache hit ratio too 😎)
  4. The ElevenLabs TTS example with my voice leverages the previous post I wrote about using AI to describe who's at the door (just with a cooler voice now 🤣)

Weekly Update 468

I only just realised, as I prepared this accompanying blog post, that I didn't talk about one of the points in the overview: food. One of my fondest memories as a child living in Singapore and now as an adult visiting there is the food. It's one of those rare places where the food at every level is just exceptional, and even a basic outing is a treat. As a kid, the most common "fast food" I'd eat was from local "hawker centres", probably what many people would call street food, but never in the "I'm not sure what my night will look like after eating it" kind of way. Noodles, satay, BBQ pork, and all that sort of thing. Or on the pricier side, no visit back is complete without Singapore chilli crab, which served as our final meal on Thursday before we jumped on the plane home. And that's one of the great joys of travel - the ability to experience the differences that make these trips so much more enjoyable. The last time I remember thinking how exceptional the food was was in Reykjavik earlier this year. I think it's time to pay Stefan another visit 🤤

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. I finally have my own plaque on a wall! (31 years after graduating, I'm now a "Distinguished Alumni" 😊)

Weekly Update 467

Using AI to analyse photos and send alerts if I've forgotten to take the bins out isn't going to revolutionise my life, no more so than using it to describe who's at the mailbox when a letter arrives and at the front door when they buzz. But that's really not the point; it's by playing with tech like this that firstly, you come to understand it better and secondly, you find genuinely impactful use cases. I keep scratching my head to try to work out where AI can do something really useful in HIBP and little exercises like throwing it into the home automation help get that part of the brain working. No epiphanies as yet, unfortunately. Got any good ideas?

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. We're in Singapore! (I don't often wear a tux so it might be a while until you see a photo like that again 🤣)
  3. 107k email addresses from TheSqua.re breach went into HIBP (have a listen to how many goes I had at making contact with someone there...)
  4. Sending pictures from my Ubiquiti cams to AI APIs via Home Assistant redefines "smart home" (and will hopefully give me some good ideas for where we can make good use of it in HIBP)

Weekly Update 466

I'm fascinated by the unwillingness of organisations to name the "third party" to which they've attributed a breach. The initial reporting on the Allianz Life incident from last month makes no mention whatsoever of Salesforce, nor does any other statement I can find from them. And that's very often the way with many other incidents too, which, IMHO, sucks. My view is that when our data is provided to a third party and that party exposes it, we have a very reasonable expectation to know who lost it. My own personal info was exposed in the Ticketek breach last year; can you find any mention whatsoever in that disclosure notice of Snowflake DB? Nope, but that's the "reputable, global third party supplier" they refer to. Another fun fact: the other third party they don't name is HIBP: "We are aware some customers have recently been contacted by a third party regarding the impact to their information". 🤷‍♂️

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. Allianz Life was breached with 1.1 million unique email addresses affected (the unnamed third party is apparently Salesforce)
  3. The 16 million record PayPal "breach" always smelled bad (probably because it's not a PayPal breach!)

Weekly Update 465

How much tech stuff do I have sitting there in progress, literally just within arm's reach? I kick off this week's video going through it, and it's kinda nuts. Doing renos and a house build doesn't help, but it means there's just a constant distraction of "things" commanding my attention. I couldn't even go through writing this very short blog post without feeling the need to see if I could pair that smoke alarm directly to ZHA on Home Assistant without needing the Clipsal hub; I couldn't, so now I have one more thing to troubleshoot 🤷‍♂️ Maybe it all says more about my attention span than anything...

References

  1. Sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing
  2. We're putting local gov advice in front of HIBP visitors (first NZ, and we added Aus just after I recorded this live stream)
  3. The headline trolling "16B password breach" is now in HIBP (at least the portal I was sent is, and it's in there under "Data Troll")

Weekly Update 464

I think the most amusing comment I had during this live stream was one to the effect of expecting me to have all my tech things neat and ordered. As I look around me now, there are Shellys with cables hanging off them all over my desk, the keyboard I'm typing on has become very flakey with the Bluetooth connection, a monitor colour tuning tool I've been meaning to run for years is still sitting there, there are seven boxes of Ubiquiti stuff on the floor waiting to be installed, an IoT smoke alarm that needs a hub to work is next to me and I'm looking at the camera that failed me this week and it still has that damn micro USB cable hanging out of it and not properly run through the wall to be nice and invisible. Yet somehow, today I've prioritised IoT'ing my rubbish bins with AI 🤷‍♂️ More on that next week!

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. I did a recording with Dr Karl! (such a cool experience, I've spent so many hours listening to him over a lot of years)
  3. Guardio is the latest company we've partnered with at HIBP (they're facing our visitors from the US, and they create awesome tools to help protect people from online threats)

Weekly Update 463

I've listened to a few industry podcasts discussing the Tea app breach since recording, and the thing that really struck me was the lack of discussion around the privacy implications of the service before the breach. Here was a tool where people were non-consensually uploading photos of others and leaving fairly intimate commentary about them. That MO seems to be, at least in part, related to the motive to take a service that presented massive privacy implications for the subject matters and, to vet their participants' gender, create an even bigger privacy issue by collecting selfies and IDs, which in turn created yet another privacy issue when they were leaked and misused. There were so many red flags about this service before the breach that it's kinda fascinating the focus is now so heavily on the aftermath. A bit more pre-emptive focus on privacy next time, everyone.

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. The Tea app breach is many layers of privacy irresponsibility (with some pretty alarming outcomes for users and victims of the service)
  3. My favourite creator of network-level nasties blocking was compromised (and it wasn't even the Pi-hole's fault, thanks to a dodgy WordPress plugin with an egregiously dumb flaw)
  4. I was asked about the UK's Online Safety Act during the live stream (that's a link to a thread which effectively amounts to it being more "thoughts and prayers" of infosec rather than practical legislation)

Weekly Update 462

This will be the title of the blog post: "Court Injunctions are the Thoughts and Prayers of Data Breach Response". It's got a nice ring to it, and it resonates so much with the response to other disasters where the term is offered as a platitude that has absolutely no practical benefit at all. You know, like the Qantas injunction to prevent data from their breach being examined by other parties. So, whilst it means journos won't be poring over it (and we won't be loading it into HIBP), criminals will pay no attention to it whatsoever. More to come in the forthcoming blog post.

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. Qantas was granted an injunction in the wake of their data breach... (which has absolutely no effect whatsoever on criminals who want to do crime with the data)
  3. Using Teespring for our merch store has been an absolutely woeful experience (but using Fourthwall has been great!)
  4. I'm in the Microsoft MVP and RD fold for another one and two years (still a Regional Director with no region and no directing, but it's a cool program all the same 🙂)
  5. The Creams Cafe breach went into HIBP (lots of different channels tried to get in touch with them in advance, but alas...)

Weekly Update 461

The Stripe situation is frustrating: by mandating an email address on all invoices, we're providing a channel that sends customer queries directly through to us rather than via our support portal, which already has the answers many people are raising tickets for. It's frustrating because it slows our customers down (they need to wait for us to respond), and it's also frustrating because we have to respond (and we're swamped as it is). I go into more detail in the video but at this stage, it looks like the only way out is to create a do_not_email@ alias, which people will inevitably email anyway, and then auto-respond to that with a link to the support portal. C'mon Stripe, fix this thing!

References

  1. 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. The Omnicuris breach went into HIBP (they have the data, but nothing in terms of disclosure)
  3. The MaReads breach also went in (same story - they have the data and radio silence)
  4. If you've got a Chromebook and are handy with debugging websites, help! (I still don't know what's causing this)
  5. Aura identity protection is the latest partner to join HIBP (they'll be seen by visitors from the US)

Weekly Update 460

This week's update is the last remote one for a while as we wind up more than a month of travel. I'm pushing this out just before we jump on the Qantas plane home... right after they've advised just how much of my data was impacted by their breach. That got me thinking in this week's video: what type of "third-party service" would expose those classes of data? My bet is on a party dealing with frequent flyers, perhaps a call centre or other processor responsible for managing their reward program. Hopefully, investigations will lead to transparency, and we'll find out, but I wouldn't be holding my breath on that timeline. For now, here are my thoughts:

References

  1. Sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing
  2. The UK's NCA has picked up 4 individuals they've charged with the recent attacks on big retail (it's mostly the usual story of young guys, with one exception)
  3. Looks like a heap of data points were exposed for my personal Qantas profile (compared to other family members, that is)
  4. We've welcomed Push Security to Have I Been Pwned's partner program (they're now on the business-facing pages of the dashboard)

Weekly Update 459

New week, different end of the world! After a fleeting stop at home, we're in Japan for a proper holiday (yet somehow I'm still here writing this...) with the first stop in Tokyo. It's like nowhere else here, and this is now probably my 10th trip to Japan over a period of more than three decades. What I think has changed the most in terms of my perceptions of Japan is that back in the 90s, it was just so high tech here because we hadn't seen a lot of the stuff that was on the main streets of Tokyo. Now, the world is much more global; we're all using the same phones and watching the same TVs and nobody is talking about the Walkman any more. Same epic food though, and we've been smashing through some amazing dishes (full pics on Facebook). The next update will come from Kyoto before we head back to the sunny Aussie winter.

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. Yet another spyware maker has had their customer data land in HIBP (I think Catwatchful is now the 9th one there)
  3. Also on Catwatchful, it looks like good old SQL injection is still wreaking havoc (crazy this is still a thing)
  4. Aussie identity protection service Truyu is the first new partner to be onboarded (that is, since 1Password in 2018)
  5. Looks like I'm in yet another data breach, this time courtesy of our national airline (let's see if data appears anywhere...)

Weekly Update 458

I'm in Austria! Well, I was in Austria, I'm now somewhere over the Aussie desert as I try and end this trip on top of my "to-do" list. The Have I Been Pwned Alpine Grand Tour was a great success with loads of time spent with govs, public meetups and users of this little data breach project that kinda escalated. As I say in the vid, I'm posting a lot more pics publicly to my Facebook page, so if you want to see the highlights, head over there. That's it for this week, it's home for a day then I'll come to you from Tokyo for the next one.

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. Have Fun Teaching was breached 4 years ago and 27k of their records are now in HIBP (they went very much "radio silence" after disclosure)
  3. Robinsons Malls in the Philippines had a breach that finally made its way into HIBP (the breach itself was back in June last year)
  4. Because Teespring was frankly, appallingly bad, we have a new merch store courtesy of Fourthwall (if you ordered from Teespring and haven't received your merch, contact their support and if that doesn't work, dispute the charge with your card company)

Weekly Update 457

Firstly, apologies for the annoying clipping in the audio. I use a Rode VideoMic that's a shotgun style that plugs straight into the iPhone and it's usually pretty solid. It was also solid when I tested it again now, just recording a video into the phone, so I don't know if this was connection related or what, but I was in no position to troubleshoot once the stream had started, unfortunately.

Moving on, it's been a ridiculously hectic week of back-to-back events then to top it off, we've been dealing with crazy traffic volumes on HIBP:

Well, that explains the traffic: 2.46M visitors to Have I Been Pwned in 24 hours, mostly from Google searches. The inbound traffic is near unprecedented, with only the Collection 1 credential stuffing list in Jan 2019 and the Facebook scrape in April 2021 coming close. pic.twitter.com/li7qvfy9tk

— Troy Hunt (@troyhunt) June 21, 2025

Anyway, you just can't predict these things, hope you enjoy this week's video regardless.

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. If you want to follow along with travels, most of the pics I post these days are going to a public Facebook account (such is the fragmented social media world today)
  3. Catch me in Rome next week for the DotNetCode Italy meetup (that'll be the last public event of the tour)
  4. Was it really 16B passwords? (obviously this story got huge traction, let's see what the data says)

Weekly Update 456

It's time to fly! It's two months to the day since we came back from the last European trip, again spending the time with some of the agencies and partners we've fostered at HIBP over the years. This time, it's the driving tour I talked about earlier last month, and we have absolutely jam-packed it! But hey, it's a part of the world I love driving in, it's summer over there (I know, it's a bit upside-down in that half of the world), and there are lots of cool people and places to see. Interestingly, Switzerland was by far the most dominant "come and say g'day" country, and we've ended up with events or meetups in Zurich, Bern and Geneva, along with invites in other places we just didn't have time to make work. But Switzerland is awesome, so perhaps that's a place for a longer stay next time with a little less grand touring. Regardless, I'll come to you with another live stream next Friday from Monaco 😎

References

  1. Sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing
  2. Catch me in Zurich on Monday (that one is courtesy of the Azure Zurich User Group)
  3. And in Rome the week after (thank you DotNetCode Italy for hosting!)

Weekly Update 455

The bot-fighting is a non-stop battle. In this week's video, I discuss how we're tweaking Cloudflare Turnstile and combining more attributes around how bot-like requests are, and... it almost worked. Just as I was preparing to write this intro, I found a small spike of anomalous traffic that, upon further investigation, should have been blocked. So we've pivoted again, adding yet more logic to try and give legit humans the best experience possible whilst making it painful for the bots. Fortunately, we're doing this with resources that have minimal impact if a limited number of bot requests come through, but it does make for a challenging if not somewhat infuriating experience.

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. We've now identified the first round of partners to onboard to HIBP (these are companies that can help victims "after the breach")
  3. ColoCrossing had a breach that exposed 7k customer email addresses for their cloud service (looks like this is just ColoCloud)
  4. We love the HIBP merch store, but Teespring's support is absolutely woeful (we'll move to an alternate provider in the very near future)
  5. We're still tweaking Cloudflare's Turnstile to keep the bad guys out and the good guys in (that's a link to the HIBP homepage which we think we have dialed in pretty good now, see if you get a nice async request or a full page post-back)

Weekly Update 454

We're two weeks in from the launch of the new HIBP, and I'm still recovering. Like literally still recovering from the cold I had last week and the consequent backlog. A major launch like this isn't just something you fire and forget; instead, it takes weeks of tweaks and refinements to iron out all the little creases, both known and unpredictable. None of them have been significant, fortunately, but the more I look at it, the more I see, and the more we refine. This week, we're diving headfirst into something I'd rather avoid: wacky procurement demands. Stuff like quote generation so that you can have the same stuff as you can find on the pricing page right now, just as a PDF with your name on it 🤦‍♂️ And look, I get it - it's not the people reading this making those demands and I have trodden in your shoes and felt your pain. Hopefully, sometime this week, we'll automate away both your and my pain, and that'll be a massive step forward for all of us. Stay tuned!

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. I'm coming to Zurich! (now at the correct date of June 16)
  3. The Fédération Française de Rugby breach turned up (282k people in there, including with their DoBs for some reason 🤷‍♂️)
  4. Sticking with the French theme, their "Free" ISP data popped up too (another 14M people there, also with dates of birth 🤷‍♂️)
  5. And the second coming of Operation Endgame also made its way to HIBP (with support from our friends in LEA 👮)

Weekly Update 453

Well, the last few weeks of insane hours finally caught up with me 🤒 Not badly, but I evidently burned enough midnight oil to leave the immune system somewhat degraded and just after recording this video, I really didn't feel like doing much at all. Some congestion and sniffles aside, it's really not that bad, but definitely evidence of a very intense period, which thankfully, is now behind us. So, this week, let's talk about that awesome new HIBP website 😊

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. We launched! (the end of one era, the beginning of another)
  3. Cloudflare's Turnstile is protecting a bunch of features in the new HIBP site from automation (but we do need to work on the rate at which it thinks real people are bots)
  4. I later put out a poll on the rate at which Turnstile was blocking access (when I speculated about 10%, I was pretty close - it's actually 8.7%)

Weekly Update 452

Funny how excited people can get about something as simple as a sticker. They're always in hot demand and occupy an increasingly large portion of my luggage as we travel around. Charlotte reckoned it would be the same for other merch too, so, while I've been beavering away playing code monkey on the rebranded HIBP website, she built a merch store. Talking about it in this week's video obviously got a bunch of people excited, as a flurry of orders followed. As I said in the video, we put everything up there at cost (ok, so Teespring made us add 1c to each because you couldn't list exactly at cost), so it's just a fun way to enjoy the new HIBP brand more than anything. Enjoy the merch and this week's video, next week we'll have a brand new site live and ready to talk about 😊

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. Malaysia became our 40th government to take up the HIBP service (actually our first gov from Asia, too)
  3. We're going to put a small number of carefully selected partners on breach pages in HIBP (we want companies that can add something genuinely useful to breach victims)
  4. Merch! (what are we missing?)

Weekly Update 451

The Have I Been Pwned Alpine Grand Tour is upon us! I've often joked that work is always either sitting at my desk at home in isolation or on the other side of the world, and so it is with this trip. As we've done with recent travel to the US and colder parts of Europe, we've booked to travel to places we know have lots of people we're interested in seeing, then we'll fill in the itinerary. Since the blog post last week, we've lined up folks in Liechtenstein, Zurich (which will be a public event I'll announce soon), Bern, Geneva and Lyon. I'm still trying to make contact with the folks at CERT-MC in Monaco, and same with the Italian equivalent in Rome. I've planned a bit more time at the latter and would like to try and line up another event like we'll be doing in Zurich so if you're over that way and run a user group or similar, I'd love to hear from you.

References

  1. Sponsored by: Join Snyk's May 15th event to discover how to establish a Security Champions program, bridging security and development
  2. If you're interested in a cool panel for putting Home Assistant on the wall somewhere, check out this thread ()
  3. Gambia's national CSIRT is now the 38th gov on HIBP (they're the first African nation to come on board)
  4. And the Isle of Man is the 39th (they're a "self-governing British Crown Dependency", so I've learned something new this week)
  5. Passkeys for normi... normal people! (they can be really simple to set up and use, but that's highly dependent on how the service implements them)
  6. The HIBP Alpine Grand Tour is next month (summer, the Alps, cyber, what more could you want?! 😄)

Weekly Update 450

Looking back at this week's video, it's the AI discussion that I think about most. More specifically, the view amongst some that any usage of it is bad and every output is "slop". I'm hearing that much more broadly lately, that AI is both "robbing" creators and producing sub-par results. The latter is certainly true in many cases (although it's improving extraordinarily quickly), but the former is just ridiculous when used as a reason not to use AI. After doing this week's video, I saw press of Satya saying that 30% of code in some Microsoft repositories is written by AI; so, are developers in the same boat? Should we go back to writing more code by hand to keep us more employed? Maybe chuck out all the other efficiency tools we use too - IDEs give way to notepad.exe, and so on. It's kinda nuts.

References

  1. Sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing
  2. NDC Melbourne has been run and done (that's actually the last event on my calendar at present, at least until things start filling in for Europe next month)
  3. We're progressing well with our new Have I Been Pwned challenge coin (but some of the comments about using AI in the process... 😲)
  4. There is a view amongst some that AI just shouldn't be used for things a human could be paid for (I'm sure a similar discussion was had over and over again during the industrial revolution and, well, every other time tech solved a laborious problem)
  5. This Facebook phish was way too convincing (largely due to the shock and emotion it created on first read)

Weekly Update 449

Today, I arrived at my PC first thing in the morning to find the UPS dead (battery was cactus) and the PC obviously without power. So, I tracked down a powerboard and some IEC C14 to mains cable adaptors and powered back up. On boot, neither the Bluetooth mouse nor keyboard worked. So, I tracked down a wired version of each, logged on, didn't find anything weird in the Device Manager, then gave it a reboot, which resulted in the machine not getting past the Lenovo splash screen. So, I rebooted and the same thing happened, unplugged the new USB devices, rebooted again and ended up on the BitLocker key entry screen. So, on my spare PC I went to my Microsoft account, retrieved the correct key for the disk in question, rebooted and ended up on the recovery screen. So, I ran the recovery process and, much to my surprise, got straight back into Windows.

That's what trying to work out the login / log in / log on / sign in thing was like this week; incrementally shaving the yak until things work and make sense!

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. The new Pwned Passwords search is actually too fast! (settle down, usability isn't as simple as "always make everything as fast as possible")
  3. I went down the "login" rabbit hole and emerged with "sign in" (I still feel this was the most logical conclusion to reach)
  4. Keep those great HIBP UX ideas coming! (May 17 is our go-live date for the new UX, and it's going to be amazing!)

Weekly Update 448

I'm a few days late this week, finally back from a month of (almost) non-stop travel with the last bit being completely devoid of an internet connection 😲 And now, the real hard work kicks in as we count down the next 25 days before launching the full HIBP rebrand. I'm adamant we're going to push this out on the 17th of May, and I reckon it's looking absolutely awesome! Do please feel free to check out what we're doing and chime in on the GitHub repository via the links below. I'm sure there's a lot of untapped potential yet to be unlocked.

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. I'm speaking at NDC Melbourne on Wednesday 30 (lots of data breachy stuff, unsurprisingly)
  3. The LabHost "phishing as a service" platform has been well and truly pwned by our law enforcement friends (they've sent us hundreds of thousands of passwords from the now-defunct service that are now searchable in HIBP)
  4. Samsung Germany had more than 200k of their customers' records breached via a third party (this was all allegedly caused by an infostealer infecting a Spectos employee)
  5. Each and every interface is being built in the public domain (that's the live preview link, which is just a static site, but you can click through it and get a really good idea of how it will all look)
  6. We're welcoming feedback via the issues log and discussion list on the open source GitHub repo (lots of good stuff has already come in via there)

Weekly Update 447

I'm home! Well, for a day, then it's off to the other side of the country (which I just flew over last night on the way back from Dublin 🤦‍♂️) for an event at the Microsoft Accelerator in Perth on Monday. Such is the path we've taken, but it does provide some awesome opportunities to meet up with folks around the world and see some really interesting stuff. Come by if you're over that way or if you're on the east coast of Aus, I'll be at NDC Melbourne only a couple of weeks later. And somewhere in the midst of all that, we'll get this HIBP UX rebuild finished...

References

  1. Sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing
  2. I'm speaking at the Microsoft Student Accelerator in Perth on Monday (it's free, and you don't need to be a student 🙂)
  3. We're going to incorporate some more partners into HIBP where they can offer useful services to data breach victims (the thinking is that they'll appear on the dedicated breach page where they can offer something useful as it relates to that specific incident)
  4. The HIBP UX rebuild repo is tracking everything we're doing (chime in on the discussions or submit any issues you find)

Weekly Update 446

After an unusually long day of travelling from Iceland, we've finally made it to the land of Guinness, Leprechauns, and a tax haven for tech companies. This week, there are a few more lessons from the successful phish against me the previous week, and in happier news, there is some really solid progress on the HIBP UX rebuild. We spent a bunch of time with Stefan and Ingiber (the guy rebuilding the front end) whilst in Reykjavik and now have a very clear plan mapped out to get this finished in the next 6 weeks. More on that in this week's update, enjoy!

References

  1. Sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing
  2. Silent Push has done some great analysis on the source of my phish (they've linked it to similar attacks against SendGrid and Mailgun accounts, among others)
  3. Every outstanding HIBP UX rebuild task is now on public display (we're targeting 17 May to complete all this and roll out the new site)

Weekly Update 445

Well, this certainly isn't what I expected to be talking about this week! But I think the fact it was someone most people didn't expect to be on the receiving end of an attack like this makes it all the more consumable. I saw a lot of "if it can happen to Troy, it can happen to anyone" sort of commentary and whilst it feels a bit obnoxious for me to be saying it that way, I appreciate the sentiment and the awareness it drives. It sucked, but I'm going to make damn sure we get a lot of mileage out of this incident as an industry. I've no doubt whatsoever this is a net-positive event that will do way more good than harm. On that note, stay tuned for the promised "Passkeys for Normal People" blog post, I hope to be talking about that in next week's video (travel schedule permitting). For now, here's the full rundown of how I got phished:

References

  1. Sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing
  2. I obviously didn't like being on the receiving end of this, but I reckon 34 minutes from pwned to public disclosure is a new record 😊 (this is what I'm going to be driving organisations towards in many future data breach cases)
  3. Despite me falling for something I should have spotted, the public response and press have been outstandingly positive (that's a piece from this week's sponsor, I felt their writeup summed things up nicely)

Weekly Update 444

It's time to fly! 🇬🇧 🇮🇸 🇮🇪 That's two new flags (or if you're on Windows and can't see flag emojis, that's two new ISO codes) I'll be adding to my "places I've been list" as we start the journey by jetting out to London right after I publish this blog. If you're in the area, I'll be speaking at Oxford University on Wednesday at 17:00 and that's a free and open event. And since recording this morning, we have managed to confirm that I will be speaking at a community event in Reykjavik the following Monday morning, and you'll see a link on my 2025 events page as soon as they make one available. No public events planned for Ireland yet, but if you're in Dublin and would like to run something the week after I'm in Iceland, get in touch. Just to round out a big schedule, I'll be back in Aus speaking in Perth at Microsoft's Student Accelerator on 14 April and then it's off to NDC Melbourne shortly after that for a talk on the 30th. Then rest 🙂

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. Cloudflare has found almost half of the passwords people use on their customers' sites are compromised (but somehow, that's not the story that got many people's attention)
  3. Cloudflare's stats were gathered via their leaked credential detection service (one of the sources they use for this is Have I Been Pwned's Pwned Passwords)
  4. And no, a password alone is not personally identifiable information (yes, that's an AI-generated response because, no, you can't find any reference whatsoever to a password being PII in any formal gov docs)
  5. The Lexipol breach went into HIBP (apparently it was carried out by "Puppygirl Hacker Polycule", who'd have thunk it?!)
  6. SpyX also went in (Zack reckons this is the 25th spyware service to be breached since 2017)
  7. We're smashing out front end work for the HIBP UX rebuild (go and check out that repo, submit issues and join in on the discussion, we'd love your input)

Weekly Update 443

What an awesome response to the new brand! I'm so, so happy with all the feedback, and I've gotta be honest, I was nervous about how it would be received. The only negative theme that came through at all was our use of Sticker Mule, which apparently is akin to being a Tesla owner. Political controversy aside, this has been an extremely well-received launch and I've also loved seeing the issues raised on the open source repo for the front end and Ingiber's (near instant!) addressing of each and every one of them. Please keep that feedback coming, and I'll talk more about some of the changes we've made as a result in the next weekly update.

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. We've open sourced the repo with the front end dev work (please feel free to raise issues, chime in on the discussion and submit PRs)
  3. Every commit we make to the above repo is pushed out to a static site at preview.haveibeenpwned.com (remember - it's static - this is front end stuff only)
  4. We're pushing to the preview site using Cloudflare Pages (this is such a cool, easy way of deploying code)
  5. We've made the stickers available via a Sticker Mule store (there's no markup on these, just get 'em at cost)
  6. We've also put the stickers, 3D models and other visual assets in the open source branding repo (especially handy if you want to get stickers made at a place that aligns to your political preference)

Weekly Update 442

We survived the cyclone! That was a seriously weird week with lots of build-up to an event that last occurred before I was born. It'd been 50 years since a cyclone came this far south, and the media was full of alarming predictions of destruction. In the end, we maxed out at 52kts just after I recorded this video:

It’s here. But 47kts max gusts isn’t too bad, nothing actually blowing over here (yet). pic.twitter.com/qFyrZdiyRW

— Troy Hunt (@troyhunt) March 7, 2025

We remained completely untouched and unaffected beyond needing to sweep up some leaves once the rain (which has also been unremarkable), finally stops. It appears the worst damage has been a lot of homes without power and perhaps most obviously, the beaches have done a complete vanishing act with all the sand:

What our favourite beach is like today, versus before. They’ll rebuild it, this isn’t unprecedented, but yeah, there’s some work to be done now. pic.twitter.com/6zFMG7bZqK

— Troy Hunt (@troyhunt) March 8, 2025

But hey, everyone is fine (not just us, the whole city AFAIK), so that's a good outcome. Back on topic, here's this week's video:

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. We're filling in the gaps of the stealer logs that have come before, and doing our best to clean everything up a bit while we're there (but we're never going to have totally "clean" data: GIGO)
  3. Someone tried to phish a PayPal OTP from me and instead faced some great trolling by Elle (so proud 🥲)
  4. Someone also tried to phish my X credentials from me (that one really took some thinking to emphatically put it in the "phish" box)

Weekly Update 441

Processing data breaches (especially big ones) can be extremely laborious. And, of course, everyone commenting on them is an expert, so there's a heap of opinions out there. And so it was with the latest stealer logs, a corpus of data that took the better part of a month to process. And then I made things confusing in various ways which led to both Disqus comment and ticket hell. But hey, it's finally out and now it's back to normal breach processing for the foreseeable future 🙂

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. I trawled through 23 billion stealer logs to get 284M breached email addresses into HIBP (and learned that explaining this concept clearly is hard!)
  3. Apple is pulling support for their Advanced Data Protection E2E offering (but will the status quo change before they force existing users to disable it?)
  4. Spyware / stalkerware apps Cocospy and Spyic leaked their data for all to see (and since that recording, Spyzie has also been added to the list)
  5. The Zimi Senoa IoT switches are beautiful... (...but I think that Bluetooth mesh via a proprietary hub is going to be a show-stopper)

Weekly Update 440

Wait - it's Tuesday already?! When you listen to this week's (ok, last week's) video, you'll probably get the sense I was a bit overloaded. Yeah, so that didn't stop, and the stealer log processing and new feature building just absolutely swamped me. Plus, I spent from then until now in Sydney at various meetings and events which was great, but didn't do a lot for my productivity. Be that as it may, we're now less than 12 hours off launching this all so, in the interests of not having me stay up all night putting the finishing touches on it, let me drop here and come back in a few days to talk about how it's all been received 🤞

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

Weekly Update 439

We're now eyeball-deep into the HIBP rebrand and UX work, totally overhauling the image of the service as we know it. That said, a guiding principle has been to ensure the new look is immediately recognisable and over months of work, I think we've achieved that. I'm holding off sharing anything until we're far enough down the road that we're confident in the direction we're heading, and then I want to invite the masses to contribute as we head towards a (re)launch.

Whilst I didn't talk about it in this week's video, let me just recap on why we're doing this: the decisions made for a pet project nearly 12 years ago now are very different to the decisions made for a mainstream service with so many dependencies on it today. We're at a point where we need more professionalism and cohesion and that's across everything from the website design and content, the branding on our formal documentation, the stickers I hand out all over the place, the swag we want to make and even the signatures on our emails. Our task is to keep the heart and soul of a humble community-first project whilst simultaneously making sure it actually looks like we know what we're doing 🙂

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. Authorised access by DOGE employees is not a data breach (no, not even if you really, really, really don't like Donald and Elon)
  3. The HIBP rebrand is now a long way through, and we'd love to hear your ideas (it's not just the look and feel, I want to get a lot more functionality in there)
  4. The latest Zacks breach went into HIBP (that's right, this isn't their first rodeo)
  5. Apparently, our discussion about possibly banning resellers is newsworthy (and this isn't a done deal yet, we are also looking at the feasibility of automating away the pain)

Weekly Update 438

I think what's really scratching an itch for me with the home theatre thing is that it's this whole geeky world of stuff that I always knew was out there, but I'd just never really understood. For example, I mentioned waveforming in the video, and I'd never even heard of that let alone understood that there may be science where sound waves are smashed into each other in opposing directions in order to cancel each other out. And I'm sure I've got that completely wrong, but that's what's so fun about this! Anyway, that's all just part of the next adventure, and I hope you enjoy hearing about it and sending over your thoughts because I'm pretty sure there's a gazillion things I don't know yet 🙂

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. We're going down the home theatre rabbit hole! (check out some of the work these guys have done, just amazing)
  3. We're seriously considering booting resellers off HIBP altogether (0.86% of our customers who come through them are consuming the same amount of support time as the entire remaining 99.14% ๐Ÿ˜ฒ)

Weekly Update 437

It's IoT time! We're embarking on a very major home project (more detail of which is in the video), and some pretty big decisions need to be made about a very simple device: the light switch. I love having just about every light in our connected... when it works. The house has just the right light early each morning, it transitions into daytime mode right at the perfect time based on the amount of solar radiation in the sky, into evening time courtesy of the same device and then blacks out when we go to bed. And some lights come on with movement based on motion sensors in fans (Big Ass fans have occupancy sensors), cameras (Ubiquiti cameras raise motion events), and tiny dedicated Zigbee sensors. But getting the right physical switches in combination with the right IoT relays has been a bit more challenging. Listen to this week's show and let me know if you have any "bright" ideas 🙂

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. Light switches, IoT relays and other complex discussions about simple circuits (it's such a critical component of the house, especially when you replicate the model >100 times over)
  3. Apparently, the YubiKey phish wasn't a phish (seriously folks, if I can't tell when comms is legit or not, how are the normies expected to get it right?!)
  4. The ABC's analysis of 4-digit PINs in HIBP is really well done! (although I did spend way too much time explaining to other journalists how there are only 10,000 possible values 🤔)
  5. The HIBP Grafana dashboard is looking epic! (although I may be blowing way more time on it than anyone could reasonably justify...)

Weekly Update 436

We're heading back to London! And making a trip to Reykjavik. And Dublin. I talked about us considering this in the video yesterday, and just before publishing this post, we pulled the trigger and booked the tickets. The plan is to pretty much repeat the US and Canada trip we did in September and spend the time meeting up with some of the law enforcement agencies and various other organisations we've been working with over the years. As I say in the video, if you're in one of these locations and are in a position to stand up a meetup or user group session, I'd love to hear from you. Europe is a hell of a long way to go so we do want to make the most of the travel, stand by for more plans as they emerge.

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. The HIBP "Wall of Graphs" looks awesome! (I'll blog it up, but there's more to be done first)
  3. Spamming ~500 companies attempting to look for bug bounties is muppet behaviour (all whilst putting them on CC too 🤦‍♂️)
  4. Despite a couple of dissenting voices re the muppet characterisation, 84.5% of people agreed with my description (or in other words, 15.5% of people were completely wrong)

Weekly Update 435

If I'm honest, I was in two minds about adding additional stealer logs to HIBP. Even with the new feature to include the domains an email address appears against in the logs, my concern was that I'd get a barrage of "that's useless information" messages like I normally do when I load stealer logs! Instead, the feedback was resoundingly positive. This week I'm talking more about the logic behind this, some of the challenges we faced with it and what we might see in the future. Stay tuned, because I think we're going to be seeing a lot more of this in HIBP.

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. For the first time ever, we added a heap of additional info about stealer logs to HIBP (ok, it's just the domains an address appears against, but that turns out to have been really useful)

Weekly Update 434

This week I'm giving a little teaser as to what's coming with stealer logs in HIBP and in about 24 hours from the time of writing, you'll be able to see the whole thing in action. This has been a huge amount of work trawling through vast volumes of data and trying to make it usable by the masses, but I think what we're launching tomorrow will be awesome. Along with a new feature around these stealer logs, we've also added a huge number of new passwords to Pwned Passwords not previously seen before. Now, for the first time ever, "fuckkangaroos" will be flagged by any websites using the service 😮 More awesome examples coming in tomorrow's blog post, stay tuned!

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. Publicly asking for a security contact is really not something I want to be doing (it tends to be a last resort after not being able to raise the company via various other channels)
  3. Massive kudos to Synology for making the DiskStation rollover process entirely seamless (little bit of work restoring Plex, but at least there was zero data loss)

Weekly Update 433

It sounds easy - "just verify people's age before they access the service" - but whether we're talking about porn in the US or Australia's incoming social media laws, the reality is way more complex than that. There's no unified approach across jurisdictions and even within a single country like Australia, the closest we've got to that is a government scheme usually intended for accessing public services. And even if there was a technically workable model, who wants to get either the gov or some big tech firm involved in their use of Instagram or Pornhub?! There's a social acceptance to be considered and not only that, circumvention of age controls is very easy when you can simply VPN into another jurisdiction and access the same website blocked in your locale. Or in the case of the adult material, I'm told (🤷‍♂️) there are many other legally operating websites in other parts of the world that are less inclined to block individuals in specific states from foreign countries. There'll be no easy solutions for this one, but it'll make for an entertaining year 😊

References

  1. Sponsored by:ย Report URI: Guarding you from rogue JavaScript! Donโ€™t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. My trusty Synology DS1512+ finally died after 12 years of faithful service (since recording this video, the new DS923+ arrived and migration was super smooth)
  3. Pornhub addressed the age verification mandate from a bunch of US states by simply... blocking them (I wonder if there's a way around that...)
  4. Proton VPN has seen a "massive surge" in VPN signups from the US (...there we go 🙂)
  5. The EFF reckons there is no effective age verification method (they also downplay the negative impacts of social media on kids, which I disagree with)
  6. The Glamira data breach made it into HIBP (link through to a Reddit thread where the company acknowledged the breach last year, no word on whether they disclosed to impacted individuals)

Weekly Update 432

There's a certain irony to the Bluesky situation where people are pushing back when I include links to X. Now, where have we seen this sort of behaviour before? 🤔 When I'm relying on content that only appears on that platform to add context to a data breach in HIBP and that content is freely accessible from within the native Bluesky app (without needing an X account), we're out of reasonable excuses for the negativity. And if "because Elon" is the sole reason and someone is firm enough in their convictions on that, there's a very easy solution 🙂

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. We're rebuilding the front-end of Have I Been Pwned (there's a lot of opinions on that thread!)
  3. People on Bluesky are complaining about posting links to content that only exist on X (not exactly the right way to encourage use of other platforms)

Weekly Update 431

I fell waaay behind the normal video cadence this week, and I couldn't care less 😊 I mean c'mon, would you rather be working or sitting here looking at this view after snowboarding through Christmas?!

Christmas Day awesomeness in Norway 🇳🇴 Have a great one friends, wherever you are 🧑‍🎄 pic.twitter.com/F2FtcJYzRC

— Troy Hunt (@troyhunt) December 25, 2024

That said, Scott and I did carve out some time to chat about the, uh, "colourful" feedback he's had after finally putting a price on some Report URI features he'd been giving away free for years. And there's more data breaches, of course, including a couple I loaded over the previous week that I think were particularly interesting. Enjoy this week's video, next week's will be a 2024 wrap-up from somewhere much, much sunnier 😎

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. After many years, Scott put a price on the free tier of Report URI (and some of the feedback he got 😲)
  3. I couldn't raise Young Living Essential Oils about their data breach (and their data is spread all over a popular clear web hacking forum too)
  4. The "French Citizens" data breach had Millions of French people in it... (...and a lot of other people too)

Weekly Update 430

I'm back in Oslo! Writing this the day after recording, it feels like I couldn't be further from Dubai; the temperature starts with a minus, it's snowing and there's not a supercar in sight.

Back on business, this week I'm talking about the challenge of loading breaches and managing costs. A breach load immediately takes us from a very high percentage cache hit ratio on Cloudflare to zero. Consequently, our SQL costs skyrocket as the DB scales to support the load. Approximately 28 hours after loading the two breaches I mention in this week's update, we're still running a DB scale that's 350% larger than the one we run once we have a high cache hit ratio, and that directly hits my wallet. We need to work on this more because as I say in the video, I really don't like financial incentives that influence how breaches are handled, such as delaying them and bulking them together to reduce the impact of cache flush events like this. We'll give that more thought, I think there are a few ways to tackle this. For now, here's this week's video and some of the challenges we're facing:

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. Some people really don't like supercars (although I suspect it's more about not liking to see either the enjoyment others take in them or the success they may have achieved)
  3. Being online means having constant attacks against your online things (but failed login attempts against my son's and my Microsoft accounts are just that - failed attempts)
  4. The German electricity provider Tibber had 50k records breached (a little one, but newsworthy enough to have hit the media)
  5. And the first-ever Senegalese data breach went into HIBP courtesy of Yonéma (not exactly a high cross-over with our usual subscribers, but a breach is still a breach)

Weekly Update 429

A super quick intro today as I rush off to do the next very Dubai thing: drive a Lambo through the desert to go dirt bike riding before jumping in a Can-Am off-roader and then heading to the kart track for a couple of afternoon sessions. I post lots of pics to my Facebook account, and if none of that is interesting, here's this week's video on more infosec-related topics:

References

  1. Sponsored by: Cyberattacks are guaranteed. Is your recovery? Protect your data in the cloud. Join Rubrik's Cloud Resilience Summit.
  2. The Armenian Government is now the 37th to have free and open access to their domains on HIBP (this gives them API-level domain searches to their gov TLD)
  3. After two and a bit years on sale, we're now giving away "Pwned" the book, for free (go grab it in PDF or EPUB format)

Weekly Update 428

I wouldn't say this is a list of my favourite breaches from this year as that's a bit of a disingenuous term, but oh boy were there some memorable ones. So many of the incidents I deal with are relatively benign in terms of either the data they expose or the nature of the service, but some of them this year were absolute zingers. This week, I'm talking about the ones that really stuck out to me for one reason or another, here's the top 5:

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. The Spoutible breach was one of the most bizarre instances of returning unnecessary data via an API I've ever seen (passwords, 2FA secrets and the code used in "magic links" to reset passwords)
  3. It's one thing for spyware to be used for stalking partners against their terms and conditions, it was quite another for pcTattletale to explicitly refer to marital infidelity as a use case for the product (this data breach actually killed the company)
  4. The "Combolists Posted to Telegram" breach was more significant for the stealer logs than it was the combolists aggregated from other sources (that really brought this class of breach into the spotlight for me)
  5. The National Public Data breach was much more significant for the exposure of hundreds of millions of social security numbers than it was for the email addresses that went into HIBP (that's another company that folded as a result of their breach)
  6. The Muah.AI breach exposed a trove of requests by users to create CSAM images (the linked thread is a mind-boggling series of tweets about both the content and the justifications offered for not having controls on the images created)

Weekly Update 427

I was going to write about how much I've enjoyed "tinkering" with the HIBP API, but somehow, that term doesn't really seem appropriate any more for a service of this scale. On the contrary, we're putting in huge amounts of effort to get this thing fast, stable, and sustainable. We could do the first two very easily just by throwing money at the cloud, but that makes the last one a bit hard. Besides, both Stefán and I do enjoy the challenge of optimising an increasingly large system to run on a shoestring and even though the days of "a coffee a day of running costs" are well behind us, arguably the cost per request (or some other usage-based metric) is better than ever. I hope you enjoy this chat between the two of us and as I say in the video, do please chime in with your thoughts and suggestions.

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. Read all the nitty-gritty about how we're getting "closer to the edge" (Stefán will follow this up with a more techie one on the SQL scaling side of things)

Weekly Update 426

I have absolutely no problem at all talking about the code I've screwed up. Perhaps that's partly because after 3 decades of writing software (and doing some meaningful stuff along the way), I'm not particularly concerned about showing my weaknesses. And this week, I screwed up a bunch of stuff; database queries that weren't resilient to SQL database scale changes, partially completed breach notifications I didn't notice until it was too late to easily fix, and some queries that performed so badly they crashed the entire breach notification process after loading the massive DemandScience incident. Fortunately, none of them had any impact of note, we fixed them all and re-ran processes, and now we're more resilient than ever 😄

Oh - and if you like this style of content, this coming Friday, Stefan and I will do a joint live stream on all sorts of other bits about how HIBP now runs.

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. Elon Musk is right (I hate cookie warnings, but I'm entertained by people losing their minds "because Elon")
  3. The Hot Topic breach went into HIBP (that's another 57M email addresses right there)
  4. There are also now 122M more records in HIBP courtesy of the DemandScience breach (it's publicly aggregated data, but it's still a breach)

Weekly Update 425

This was a much longer than usual update, largely due to the amount of time spent discussing the Earth 2 incident. As I said in the video (many times!), the amount of attention this has garnered from both Earth 2 users and the company itself is incommensurate with the impact of the incident itself. It's a nothing-burger. Email addresses and usernames, that's it, and of course, their association with the service, which may lead to some very targeted spam or phishing attempts. It's still a breach by any reasonable definition of the term, but it should have been succinctly summarised and disclosed to impacted parties with everyone moving on with more important things in life a few moments later. And that's exactly what I'm going to do right now 😊

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. Speaking of giving a nothing-burger incident more attention than it deserves, the Earth 2 Twitter screed hasn't done them any favours (something something Streisand effect)
  3. Data breach disclosure 101: How to succeed after you've failed (7 years on, this is still the guidance I give breached orgs)

Weekly Update 424

I have really clear memories of listening to the Stack Overflow podcast in the late 2000's and hearing Jeff and Joel talk about the various challenges they were facing and the things they did to overcome them. I just suddenly thought of that when realising how long this week's video went for with no real plan other than to talk about our HIBP backlog. People seem to love this in the same way I loved listening to the guys a decade and a half ago. I'll do one of these with Stefan as well over the course of this month, let us know what you'd like to hear about 😊

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.

Weekly Update 423

Firstly, my apologies for the minute and a bit of echo at the start of this video, OBS had somehow magically decided to start recording both the primary mic and the one built into my camera. Easy fix, moving on...

During the livestream, I was perplexed as to why the HIBP DB was suddenly maxing out. Turns out that this aligned with dropping a constraint on the table of domains which appears to have caused the table to reindex and massively slow down the queries for breached email addresses. Further, we simultaneously started having problems related to MAXDOP (the maximum degree of parallelism for the stored procedure running the query), which was only resolved after we forced it to not run on multiple CPUs by setting it to 1 (weirdly, 2 is also fine but 3 or higher completely killed perf). Fun times, running a service like this.

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. The Internet Archive's Zendesk was accessed and replies sent to a bunch of tickets (it's just gone from bad to bad for them, and still no disclosure to individuals...)
  3. Basically everyone thinks unauthorised access should result in breach notifications being sent to impacted individuals (I mean, it's a predictable outcome, but there were still some wacky arguments against it)
  4. I'm feeling pretty damn exasperated about the lack of breach disclosure lately (multiple incidents this year have included my own personal data, and I'm pissed)

Weekly Update 422

Apparently, Stefan and I trying to work stuff out in real time about how to build more efficient features in HIBP is entertaining watching! If I was to guess, I think it's just seeing people work through the logic of how things work and how we might be able to approach things differently, and doing it in real time very candidly. I'm totally happy doing that, and the comments from the audience did give us more good food for thought too. I'll try and line up a session just like that before the end of the year, we've certainly got no shortage of material!

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. If you read the BBC, I hacked Internet Archive (this was followed by much apologising, but it was still pretty damn sloppy writing)
  3. Muah.AI and their users continue to push back against controls to limit child abuse requests (and when they talk about implementing controls, the users get upset)

Weekly Update 421

It wasn't easy talking about the Muah.AI data breach. It's not just the rampant child sexual abuse material throughout the system (or at least requests for the AI to generate images of it), it's the reactions of people to it. The tweets justifying it on the basis of there being no "actual" abuse, the characterisation of this being akin to "merely thoughts in someone's head", and following my recording of this video, the backlash from their users about any attempts to curb creating sexual images of young children being "too much":

Which is making customers unhappy - "any censorship is too much": pic.twitter.com/fzfrFdKL8w

— Troy Hunt (@troyhunt) October 12, 2024

The law will catch up with this (and anyone in that breach creating this sort of material should feel very bloody nervous right now), and the writing is already on the wall for people generating CSAM via AI:

This bill would expand the scope of certain of these provisions to include matter that is digitally altered or generated by the use of artificial intelligence, as such matter is defined.

The bill can't pass soon enough.

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. The Muah.AI data breach revealed an enormous volume of requests for CSAM material (you can hear me struggling to even properly explain this, it's just hard to find the words)
  3. Internet Archive was breached, defaced and DDoS'd (4 days on from that tweet thread, they're still offline)
  4. National Public Data - the service that siphoned up hundreds of millions of social security numbers then exposed them all in a breach - is dead (now, how many more of these are left?)

Weekly Update 420

Ok, the scenery here is amazing, but the real story is data breach victim notification. Charlotte and I wanted to do this one together today and chat about some of the things we'd been hearing from government and law enforcement on our travels, and the victim notification angle featured heavily. She reminded me of the trouble even the police have when reaching out to organisations about security issues, often being confronted by lawyers or other company representatives worried about legal reprisals. It's nuts, and if it's hard for the law to get someone's attention, what hope is there for us?!

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. We mentioned "Pwned or Bot", the use of HIBP to help establish the legitimacy of email addresses (this is such a cool use case we'd never even considered until hearing it)
  3. I mentioned the NCA's Cyber Choices program tackling youth cybercrime (6 years on, this is still such an awesome video!)
  4. I'm sharing a lot more pics from travels on Facebook (there are some rather epic shots there from the current trip)

Weekly Update 419

It's not a green screen! It's just a weird hotel room in Pittsburgh, but it did make for a cool backdrop for this week's video. We were there visiting our FBI friends after coming from Washington DC and a visit to CISA, "America's Cyber Defence Agency". This week, I'm talking about those visits, some really cool new Cloudflare features, and our ongoing effort to push more and more of HIBP's data to Cloudflare's edges. Enjoy!

References

  1. Sponsored by: Lithnet Access Manager. Level up your lateral movement defence with RapidLAPS, the passwordless LAPS experience.
  2. Cloudflare has added an awesome leaked credential service that uses Pwned Passwords as one of the data sources (the easier checking known bad passwords becomes, the more effective blocking them becomes)
  3. And they've also added a very cool UI-based config for setting up a security.txt file (and again, the easier this becomes...)
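An offline illustration of the k-anonymity lookup that sits behind a Pwned Passwords check like the one Cloudflare's leaked credential service draws on. This is an added example, not code from HIBP or Cloudflare; the range response, its counts and the `fake_fetch_range` stand-in for the HTTPS call are constructed for the demonstration.

```python
"""k-anonymity check against Pwned Passwords (added example, not HIBP code).

The client hashes the candidate password with SHA-1, sends only the first
five hex characters to GET https://api.pwnedpasswords.com/range/<prefix>,
and compares the remaining 35 characters locally against the returned
'SUFFIX:COUNT' lines. Neither the password nor its full hash leaves the
client, so the service learns at most which 1-in-1M bucket was queried.
"""
import hashlib
from typing import Callable, Dict, Tuple

PREFIX_LEN = 5
SHA1_HEX_LEN = 40


def split_sha1(password: str) -> Tuple[str, str]:
    """Upper-case hex SHA-1 of the password, split into (prefix, suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}.

    Lines with a count of 0 are padding entries (returned when the client
    opts in to padding) and are dropped; malformed lines are ignored.
    """
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != SHA1_HEX_LEN - PREFIX_LEN:
            continue
        n = int(count)
        if n > 0:
            counts[suffix.upper()] = n
    return counts


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Return how often the password appears in the corpus (0 = not seen).

    fetch_range(prefix) returns the response body for that range; in
    production it is an HTTPS GET to the URL in the module docstring.
    """
    prefix, suffix = split_sha1(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


# Constructed sample response for range 5BAA6, the bucket that contains
# SHA-1("password"). The count and the two filler suffixes are made up;
# the zero-count line mimics a padding entry.
SAMPLE_RANGES = {
    "5BAA6": "\n".join([
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
        "00112233445566778899AABBCCDDEEFF001:12",
        "FFEEDDCCBBAA99887766554433221100FFE:0",
    ]),
}


def fake_fetch_range(prefix: str) -> str:
    """Stand-in for the network call; unknown ranges return an empty body."""
    return SAMPLE_RANGES.get(prefix, "")


if __name__ == "__main__":
    for candidate in ("password", "a long passphrase nobody has used"):
        print(candidate, "->", breach_count(candidate, fake_fetch_range))
```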

Weekly Update 418

Just watching back through bits of this week's video, the thing that's really getting at me is the same thing I've come back to in so many past videos: lack of organisational disclosure after a breach. Lack of disclosure to impacted customers, lack of disclosure to the public, and a general apathy towards the transparency with which we expect organisations to behave post-breach. This is a topic I'm increasingly pushing in front of governments and law enforcement agencies, and it'll be front of mind during my visits to the US and Canada this coming week and next. I have a longer form blog post in draft I'll try and wrap up before those meetings, hopefully that'll be one to talk about in next week's update. For now, see what you think of how I've framed the issue here:

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. The exploding pagers and walkie-talkies in Palestine are a fascinating story (one day, we'll learn more about how this was pulled off)
  3. My 3D printing talk with Elle (11) at NDC Oslo is now up (so, so proud 😊)

Weekly Update 417

Today was all about this whole idea of how we index and track data breaches. Not as HIBP, but rather as an industry; we simply don't have a canonical reference of breaches and their associated attributes. When they happened, how many people were impacted, any press on the incident, the official disclosure messaging and so on and so forth. As someone in the video today said, "what about the Airtel data breach?" Yeah, whatever happened to that?! A quick Google reminds me that this was a few months ago, but did they ever acknowledge it? Send disclosure notices? Did the data go public? I began talking about all this after someone mentioned a breach during the week and for the life of me, I had no idea whether I'd heard about it before, looked into it, or even seen the data. Surely, with so many incidents floating around that have so much impact, we should have a way of cataloguing it all? Have a listen to this week's video and see what you think.

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. I've previously given thought to how much easy access to data I give governments (but I do agree that redistributing data breaches to them raises a whole world of issues and is not a good idea)
  3. HIBP does have a list of the 809 data breaches I've already loaded into the system (but this is merely a subset; what about all the stuff that isn't in there because the data hasn't surfaced or there's no email addresses?)

Weekly Update 416

It's been a while since I've just gone all "AMA" on a weekly update, but this was just one of those weeks that flew by with my head mostly in the code and not doing much else. There's a bit of discussion about that this week, but it's mostly around the ongoing pain of resellers and all the various issues supporting them then creates as a result. I think we just need to get on with writing the code to automate everything they do so I just don't need to think about them any more 😭

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. Somehow, a bunch of this week's video ended up going on resellers again (the trickle down effects this model has are just painful, but I think we can automate a lot of that away)
  3. How am I still getting so much traffic to Coinhive?! (definitely needs some deeper analysis, I might need to update that JS to log some more details about who's still calling it)
  4. I added a heap of additional domains to my Pi Hole naughty list (that's a link through to a neat tool for measuring the percentage of ads blocked)

โŒ