I’m very happy to announce that @haveibeenpwned’s Pwned Passwords is now open source under the @dotnetfdn. Now we’ve got some work to do: building an ingestion pipeline for new passwords provided by the @FBI on an ongoing basis. This is super cool 😎 troyhunt.com/pwned-password…
There’s so much I love about this, starting with the fact that it removes a huge barrier for many orgs considering using Pwned Passwords: if I have an unfortunate jet ski related accident and can no longer run the service, you can pick it up and run it yourself.
And because all the passwords are already freely downloadable from @haveibeenpwned, all the data is already in the public domain. Open sourcing the code complements the already open sourced data.
Next, I hope it also gives people more confidence in what happens when you search the service for a password (or at least a hash prefix). What happens in @cloudflare (their worker is now open source too) and then what happens in @Azure. It’s super, super simple 🙂
Because I really don’t know what I’m doing running an open source project, the @dotnetfdn has been absolutely invaluable. I love what they do and what their mission is and with friends like @clairernovotny running it, I’ve got complete confidence they’ll be awesome.
And the @FBI bit: imagine having access to more real world passwords as they’re found in the course of investigations and then being able to immediately do something good with them. This will be massively beneficial for orgs running services targeted by credential stuffing attacks.
This is just cool from top to bottom 😎 It hasn’t been easy and it’s taken a lot of effort just to get to the point where all this is possible, I’m really excited to see where it goes from here 😊
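An added example (not code from the thread or from the Pwned Passwords project) of the hash-prefix search the thread describes: the client sends only the first five hex characters of the password's SHA-1 and matches the remaining suffix locally, so the full hash never leaves the machine. The `SUFFIX:COUNT` line format is the one the public range API returns; the range body below is constructed, and `fetch_range` stands in for the HTTP call.

```python
import hashlib

# Pwned Passwords range queries use the first five hex characters of the
# upper-case SHA-1 of the password; the server answers with every suffix it
# holds under that prefix and a breach count per suffix.
RANGE_PREFIX_LEN = 5

def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the form the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def split_hash(full_hash: str) -> tuple[str, str]:
    """Split a 40-char SHA-1 into the 5-char prefix sent and the 35-char suffix kept local."""
    return full_hash[:RANGE_PREFIX_LEN], full_hash[RANGE_PREFIX_LEN:]

def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines for one prefix into {suffix: count}."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts

def breach_count(password: str, fetch_range) -> int:
    """Number of times the password appears in the corpus (0 if absent)."""
    prefix, suffix = split_hash(sha1_hex(password))
    counts = parse_range_response(fetch_range(prefix))  # only the prefix is sent
    return counts.get(suffix, 0)

# Constructed sample range body for prefix 5BAA6 (the prefix of SHA-1("password")).
# The real suffix for "password" is included with an invented count; the other
# suffixes and counts are made up to show that only an exact suffix match hits.
SAMPLE_RANGES = {
    "5BAA6": (
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:123456\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD9:3\n"
        "00000000000000000000000000000000000:1\n"
    ),
}

def fetch_range(prefix: str) -> str:
    """Stand-in for the HTTP range call; returns the constructed body or nothing."""
    assert len(prefix) == RANGE_PREFIX_LEN, "only the 5-char prefix may be sent"
    return SAMPLE_RANGES.get(prefix, "")

if __name__ == "__main__":
    print(breach_count("password", fetch_range))  # 123456 (constructed count)
    print(breach_count("correct horse battery staple", fetch_range))  # 0
```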