Recherche : [troyhunt]

Pulling the Threads on the Phish of Troy Hunt https://www.validin.com/blog/pulling_threads_on_phishing_campaign/

31/03/2025 19:36:08

Connecting a successful phishing attempt to Scattered Spider through Validin pivoting

Troy Hunt: A Sneaky Phish Just Grabbed my Mailchimp Mailing List https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/

25/03/2025 10:46:12

You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into my account and exported the mailing list for this blog. I'm deliberately keeping this post very succinct to ensure the message goes out to my impacted subscribers ASAP, then I'll update the post with more details.

Troy Hunt: Inside the "3 Billion People" National Public Data Breach https://www.troyhunt.com/inside-the-3-billion-people-national-public-data-breach/

15/08/2024 06:24:37

I decided to write this post because there's no concise way to explain the nuances of what's being described as one of the largest data breaches ever. Usually, it's easy to articulate a data breach; a service people provide their information to had someone snag it through an act of unauthorised access and publish a discrete corpus of information that can be attributed back to that source. But in the case of National Public Data, we're talking about a data aggregator most people had never heard of where a "threat actor" has published various partial sets of data with no clear way to attribute it back to the source. And they're already the subject of a class action, to add yet another variable into the mix. I've been collating information related to this incident over the last couple of months, so let me talk about what's known about the incident, what data is circulating and what remains a bit of a mystery.

Telegram Combolists and 361M Email Addresses https://www.troyhunt.com/telegram-combolists-and-361m-email-addresses/

03/06/2024 21:48:52

Last week, a security researcher sent me 122GB of data scraped out of thousands of Telegram channels. It contained 1.7k files with 2B lines and 361M unique email addresses of which 151M had never been seen in HIBP before. Alongside those addresses were passwords and, in many cases, the website the data pertains to. I've loaded it into Have I Been Pwned (HIBP) today because there's a huge amount of previously unseen email addresses and based on all the checks I've done, it's legitimate data. That's the high-level overview, now here are the details:

Troy Hunt: Operation Endgame https://www.troyhunt.com/operation-endgame/

30/05/2024 09:20:22

Today we loaded 16.5M email addresses and 13.5M unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they've coined Operation Endgame. That link provides an excellent overview so start there then come back to this blog post which

Researcher uncovers one of the biggest password dumps in recent history https://arstechnica.com/security/2024/01/71-million-passwords-for-facebook-coinbase-and-others-found-for-sale/

18/01/2024 10:22:39

Roughly 25 million of the passwords have never been seen before by widely used service.

Troy Hunt: Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster" https://www.troyhunt.com/seized-genesis-market-data-is-now-searchable-in-have-i-been-pwned-courtesy-of-the-fbi-and-operation-cookie-monster/

05/04/2023 14:05:30

A quick summary first before the details: This week, the FBI in cooperation with international law enforcement partners took down a notorious marketplace trading in stolen identity data in an effort they've named "Operation Cookie Monster". They've provided millions of impacted email addresses and passwords to Have I Been Pwned

Liens par page

Filtres