Troy Hunt

FEBRUARY 25, 2025

We've also added 244M passwords we've never seen before to Pwned Passwords and updated the counts against another 199M that were already in there. The file in the image above contained over 36 million rows of data consisting of website URLs and the email addresses and passwords entered into them.

Passwords 358

Passwords Accountability VPN Malware 358

NetSpi Technical

NOVEMBER 14, 2024

Running PowerHuntShares I’ve provided more details on the GitHub page, but PowerHuntShares is a simple PowerShell script that can be downloaded and run using PowerShell 5.1 Download PowerHuntShares here. You can download the template file here , and then use it to search for things you care about using the command below.

Passwords 145

Passwords Risk Data collection Backups 145

Troy Hunt

MARCH 4, 2020

Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense). They could be searching for any password whose SHA-1 hash begins with those characters. Very slick!

Passwords 305

Passwords Data breaches Risk Encryption 305

Malwarebytes

MARCH 26, 2025

Use a different password for every online account. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. Enable two-factor authentication (2FA).

Phishing 115

Phishing Malware Passwords Password Management 115

Security Affairs

APRIL 27, 2025

Microsoft warns that threat actor Storm-1977 is behind password spraying attacksagainst cloud tenants in the education sector. Over the past year, Microsoft Threat Intelligence researchers observed a threat actor, tracked as Storm-1977, using AzureChecker.exe to launch password spray attacks against cloud tenants in the education sector.

Education 72

Education Passwords Accountability Encryption 72

Troy Hunt

MAY 20, 2022

Data breaches, 3D printing and passwords - just the usual variety of things this week. More specifically, that really cool Pwned Passwords downloader that I know a bunch of people have been waiting on, and now we've finally released.

Passwords 66

Passwords Data breaches 66

Security Affairs

MARCH 24, 2025

” Fake file converters and download tools may perform advertised tasks but can provide resulting files containing hidden malware, giving criminals access to victims’ devices. They can also steal personal data, banking details, cryptocurrency info, emails, and passwords by scraping the files the users upload.

Malware 116

Malware Scams Identity Theft Antivirus 116

Malwarebytes

FEBRUARY 11, 2025

They dont crack into password managers or spy on passwords entered for separate apps. If enough victims unwittingly send their passwords, the cyber thieves may even bundle the login credentials for sale on the dark web. The lure that convinces people to download these apps varies.

Phishing 126

Phishing Passwords Mobile Authentication 126

Joseph Steinberg

JANUARY 19, 2021

Last week, shortly before Amazon took the Parler social network offline by terminating the latter’s hosting services, a hacker allegedly facilitated a download of the social media site’s data. ” Vigilantism undermines the rule of law.

Media 258

Media Government DDOS Engineering 258

Malwarebytes

JANUARY 3, 2025

If interested, the victim will receive a download link and a password for the archive containing the promised installer. The archives are offered for download on various locations like Dropbox, Catbox, and often on the Discord content delivery network (CDN), by using compromised accounts which add extra credibility. fr leyamor[.]com

Scams 141

Scams Identity Theft Media Accountability 141

Malwarebytes

MARCH 17, 2025

But in the background, their system has hidden malware in the file the victim has downloaded, which is capable of gathering information from the affected device such as: Personal identifying information (PII) including Social Security Numbers (SSN). Change all your passwords and do this using a clean, trusted device.

Malware 138

Malware Adware Education Phishing 138

Troy Hunt

AUGUST 29, 2023

Further, the passwords from the malware will shortly be searchable in the Pwned Passwords service which can either be checked online or via the API. Pwned Passwords is presently requested 5 and a half billion times each month to help organisations prevent people from using known compromised passwords.

Malware 358

Malware Passwords Password Management Antivirus 358

Troy Hunt

MAY 29, 2024

unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they've coined Operation Endgame. The only data we've been provided with is email addresses and disassociated password hashes, that is they don't appear alongside a corresponding address.

Passwords 358

Passwords Password Management Data breaches Cybercrime 358

Troy Hunt

NOVEMBER 13, 2024

As I said, our IT department recently notified me that some of my data was leaked and a pre-emptive password reset was enforced as they didn't know what was leaked.    It would be good to see it as an informational notification in case there's an increase in attack attempts against my email address.

Data breaches 323

Data breaches Passwords B2B Technology 323

Malwarebytes

APRIL 16, 2025

This is where a bot takes a password and email address that has been stolen and leaked online, and then tries those credentials across a myriad of services in the hope that its owner will have reused the password elsewhere. Don’t reuse passwords. Keep threats off your devices by downloading Malwarebytes today.

Internet 142

Internet Internet Passwords Artificial Intelligence 142

Troy Hunt

NOVEMBER 19, 2020

txt" had a small number of email address and password hex pairs. I mean can we trust that both the email addresses and passwords from these alleged breaches represent actual accounts on those services? txt" and true to its name, it appears from the forgotten password email that they were never even hashed in the first place.

Passwords 364

Passwords Password Management Accountability Risk 364

Malwarebytes

APRIL 15, 2025

A screenshot of some of CL0P’s list of victims (other victims’ names obscured) This leak site is also where the stolen data is available for download. Malwarebytes Labs was unable to figure out how many people were affected, but the number of available archives for download is in the tenfolds. Change your password.

Data breaches 98

Data breaches Ransomware Passwords B2B 98

Krebs on Security

SEPTEMBER 13, 2023

USDoD claimed they grabbed the data by using passwords stolen from a Turkish airline employee who had third-party access to Airbus’ systems. So take special care when downloading software to ensure that you are in fact getting the program from the original, legitimate source whenever possible.

Cybercrime 336

Cybercrime Passwords Authentication Malware 336

Troy Hunt

JUNE 30, 2022

Four and a half years ago now, I rolled out version 2 of HIBP's Pwned Passwords that implemented a really cool k-anonymity model courtesy of the brains at Cloudflare. Actually, the multiple problems, the first of which is that it's just way too fast for storing user passwords in an online system.

Passwords 348

Passwords Identity Theft Consumer Services Password Management 348

SecureList

APRIL 8, 2025

Instead of the description copied from GitHub, the visitor is presented with an imposing list of office applications complete with version numbers and “Download” buttons. io/download. Page for downloading the suspicious archive Clicking that button finally downloads a roughly seven-megabyte archive named vinstaller.zip.

Passwords 85

Passwords Cryptocurrency Software Antivirus 85

Krebs on Security

SEPTEMBER 19, 2024

Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Executing this series of keypresses prompts the built-in Windows Powershell to download password-stealing malware.

Phishing 322

Phishing Scams Malware Passwords 322

The Last Watchdog

MARCH 28, 2025

Ransomware attacks typically involve tricking victims into downloading and installing the ransomware, which copies, encrypts, and/or deletes critical data on the device, only to be restored upon the ransom payment. Traditionally, the primary target of ransomware has been the victims device. .

Antivirus 147

Antivirus Ransomware Social Engineering Engineering 147

Malwarebytes

APRIL 9, 2025

This access enabled Bathula to download the victims’ personal information, including their private photographs and videos, the class action asserts, adding that he also used his access to systems both at home and at work to spy on the victims in real time. Watch where you download from. Don’t reuse passwords.

Accountability 88

Accountability Spyware Passwords Password Management 88

Security Affairs

NOVEMBER 26, 2024

Researchers at Elastic Security Labs analyzed the malware and confirmed it can steal keychain passwords and data from multiple browsers. We’ve archived the leak and made it available for download on GitHub.” We've archived the leak and made it available for download on GitHub.

Malware 143

Malware Cryptocurrency Encryption Passwords 143

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. To extract cookies from Chromium-based browsers, it downloads a module from the C&C to bypass App-Bound encryption.

Encryption 116

Encryption Password Management Cryptocurrency Social Engineering 116

SecureList

MARCH 11, 2025

In the video description is a download link to the product supposedly being advertised. The link points to a legitimate file-sharing service where a password-protected archive awaits, the password for which is also in the video description. The malware also affected a small number of users from Belarus, Kazakhstan and China.

Passwords 95

Passwords Malware Advertising Software 95

Malwarebytes

FEBRUARY 19, 2025

The latest, major threats to Mac computers can steal passwords and credit card details with delicate precision, targeting victims across the internet based on their device, location, and operating system. On these websites, cybercriminals advertise a piece of high-demand software and trick users into a download.

Malware 126

Malware Software Passwords Cryptocurrency 126

Security Affairs

OCTOBER 21, 2024

HIBP confirmed that the stolen archive had 31M records, including email address, screen name, bcrypt password hash, and timestamps for password changes. This file contained an authentication token that allowed the attacker to download the Internet Archive’s source code, which included additional credentials and tokens.

Internet 128

Internet Internet Data breaches Authentication 128

Malwarebytes

OCTOBER 7, 2024

which includes a fix for a bug that could allow a user’s saved passwords to be read aloud by its VoiceOver feature. Unfortunately, that also included an audible description of a user’s saved passwords, effectively reading aloud someone’s passwords. Apple has issued security updates for iOS 18.0.1

Passwords 126

Passwords Mobile Software Risk 126

Malwarebytes

DECEMBER 12, 2023

As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. For example, when typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard’s sound.

Passwords 145

Passwords Artificial Intelligence Password Management Cybercrime 145

Schneier on Security

DECEMBER 17, 2020

About 18,000 private and government users downloaded a Russian tainted software update –­ a Trojan horse of sorts ­– that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised. The New York Times has more details. That last sentence is important, yes.

Software 363

Software Passwords Cybercrime Government 363

Troy Hunt

DECEMBER 25, 2022

Hope yours has been amazing too, see you from home next week 😊 References LastPass has added an update re their recent security incident (if keychains have been downloaded - even fully encrypted ones - that's bad news) Personally, I quite like the public view count on all tweets (if you dislike it just purely because it was introduced (..)

Password Management 291

Password Management Encryption Passwords 291

Troy Hunt

MAY 14, 2022

I'll leave you with this tweet which was a bit of a highlight for me, having Ari alongside me at the event and watching his enthusiasm being part of the industry I love 😊 At #AusCERT with Ari for “take your son to work” day 🙂 I’m up next on stream 2 at 14:45 talking about Pwned Passwords, the FBI, the NCA and (..)

Passwords 279

Passwords 279

Troy Hunt

APRIL 10, 2020

this was just super good fun, it's now all hooked up to Alexa too) Pwned Passwords is getting bigger and bigger (more than half a billion queries in a month now) I hate spam and I hate being asked to link to spammy articles (but I love the outcome of this blog post!) Download the guide by Duo Security.

Passwords 308

Passwords 308

Malwarebytes

APRIL 3, 2025

Combined with other known phishing techniques, QR codes provide criminals with a potent tool for collecting usernames and passwords, distributing malware, and other malicious activities. If you do not trust the URL, dont allow your device to open the link, and look for another way to get the information or download you want.

Phishing 138

Phishing Banking Mobile Accountability 138

Troy Hunt

APRIL 5, 2023

In its simplest form, the illegal data marketplace has long involved the exchange of currency for personal records containing attributes such as email addresses, passwords, names, etc. We block known breached passwords. So, we (the good guys) adapt and build better defences. We implement two factor authentication.

Marketing 355

Marketing Passwords Authentication Accountability 355

Security Affairs

NOVEMBER 21, 2024

“In that case, officials at the president’s press office later said the information appeared to have been downloaded using the password of a former employee.” . “In January, someone leaked the personal information of 263 journalists who had signed up to cover presidential activities.”

Government 144

Government Hacking Ransomware Insurance 144