Troy Hunt

JANUARY 8, 2019

Very often, those addresses are accompanied by other personal information such as passwords. When an HIBP subscriber's address appears in one of these incidents, they get an automated notification and often, it seems, they then reach out to me. No, and the passwords are the very first thing that starts to give it all away.

Passwords 89

Passwords Data breaches Security IT 89

Troy Hunt

MAY 27, 2021

Both these announcements are being made at a time where Pwned Passwords is seeing unprecedented growth: Getting closer and closer to the 1B requests a month mark for @haveibeenpwned 's Pwned Passwords. One you would have been waiting for and one totally out of left field. This is where the.NET Foundation comes in.

Passwords 144

Passwords Mining IT Authentication 144

Troy Hunt

OCTOBER 24, 2017

It also had to be something that other people could use to achieve that objective which brings me to the Have I Been Pwned (HIBP) API. It also had to be something that other people could use to achieve that objective which brings me to the Have I Been Pwned (HIBP) API. Scroll down to the bottom for the result.

Passwords 55

Passwords Data breaches IT Education 55

Troy Hunt

NOVEMBER 19, 2020

The hard bit for me is figuring out whether it's pwn-worthy enough to justify loading it into Have I Been Pwned (HIBP) or if it's just more noise that ultimately doesn't really help people make informed decisions about their security posture. lines comprised of email address and MD5 hash pairs.

Passwords 145

Passwords Archiving Risk File names 145

Troy Hunt

JUNE 30, 2022

Four and a half years ago now, I rolled out version 2 of HIBP's Pwned Passwords that implemented a really cool k-anonymity model courtesy of the brains at Cloudflare. Actually, the multiple problems, the first of which is that it's just way too fast for storing user passwords in an online system.

Passwords 122

Passwords IT Mining Consumer Services 122

Troy Hunt

DECEMBER 19, 2021

In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned's (HIBP's) Pwned Password API. It looks like this: There are all sorts of amazing Pwned Passwords use cases out there.

Passwords 145

Passwords Risk Cloud Privacy 145

Troy Hunt

APRIL 5, 2023

This can be done via the free notification service on HIBP and involves you entering the email address then clicking on the link sent to your inbox. This can be done via the free notification service on HIBP and involves you entering the email address then clicking on the link sent to your inbox. We block known breached passwords.

Marketing 135

Marketing Passwords Authentication Paper 135

Troy Hunt

FEBRUARY 21, 2018

Last August, I launched a little feature within Have I Been Pwned (HIBP) I called Pwned Passwords. This was a list of 320 million passwords from a range of different data breaches which organisations could use to better protect their own systems. Here's what it's all about: There's Now 501,636,842 Pwned Passwords.

Passwords 111

Passwords Data breaches IT Search queries 111

Troy Hunt

FEBRUARY 27, 2018

When I launched Pwned Passwords V2 last week , I made it fast - real fast - and I want to talk briefly here about why that was important, how I did it and then how I've since shaved another 56% off the load time for requests that hit the origin. Why Speed Matters for Pwned Passwords. Then the server can warn the user.

Passwords 79

Passwords IT Encryption Access 79

Troy Hunt

JANUARY 16, 2019

Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows. In total, there are 1,160,253,228 unique combinations of email addresses and passwords. This is when treating the password as case sensitive but the email address as not case sensitive. There are 21,222,975 unique passwords. It'll be 99.x%

Data breaches 112

Data breaches Passwords Risk Personal data 112

Troy Hunt

FEBRUARY 11, 2019

The 773 Million Record "Collection #1" Data Breach On Thursday 17 Jan, I loaded 773M records into Have I Been Pwned (HIBP) which I titled "Collection #1". The 773 Million Record "Collection #1" Data Breach On Thursday 17 Jan, I loaded 773M records into Have I Been Pwned (HIBP) which I titled "Collection #1". There were 2.7B

Passwords 83

Passwords Data breaches Communications IT 83

Troy Hunt

FEBRUARY 26, 2018

tl;dr - a collection of nearly 3k alleged data breaches has appeared with a bunch of data already proven legitimate from previous incidents, but also tens of millions of addresses that haven't been seen in HIBP before. It then links directly through to 8.8GB worth of easily downloadable data breaches, all obtainable in a single ZIP file.

Data breaches 88

Data breaches Passwords Cleanup File names 88

Troy Hunt

JANUARY 3, 2019

I guess it's maintained its traction due it being referenced in the HIBP description and there being a huge number of people finding themselves pwned. I guess it's maintained its traction due it being referenced in the HIBP description and there being a huge number of people finding themselves pwned. I love this post.

Passwords 81

Passwords Security IT Government 81

Troy Hunt

FEBRUARY 14, 2018

It's probably a scary image, one that's a bit mysterious, a shady character lurking in the hidden depths of the internet. People have this image in their mind because that's what they've been conditioned to believe: These are the images that adorn the news pieces we read and we've all seen them before. See that bloke in the bottom right?

Data breaches 82

Data breaches Passwords Marketing Access 82

Troy Hunt

MARCH 3, 2021

I've investigated hundreds of data breaches over the years (there are 514 of them in Have I Been Pwned as I write this), and for the most part, the situation with Gab is just another day on the internet. More specifically, I care about the data that's been exposed in the breach, especially when that data may include my own (I'm very serious).

Passwords 145

Passwords Data breaches Mining Risk 145