The general consensus from the masses is "it's legit", but I'm yet to see any analysis. The torrent is being shared pretty extensively, it contains 278 files totalling 125GB *compressed* so it's sizeable. Here's what's inside: gist.github.com/troyhunt/0770c…
The post containing the torrent claims that Twitch is a "disgusting toxic cesspool". Whether that's motive or a convenient excuse is yet to be seen.
Possible acknowledgment from Twitch on the legitimacy of this, although nothing official:
Echoing @campuscodi’s tweet - if you know where hashes are, DM me. Obviously there’s a huge amount of interest in this right now and if user accounts are in there, I know many people will want to check them in @haveibeenpwned as soon as they can:
And if you’ve not already done so, subscribe here and I’ll send you an email as soon as any data with your address is loaded: haveibeenpwned.com/NotifyMe
I’m hearing about a “part 2” containing email addresses, but I’m yet to see anything to substantiate its presence:
Twitch stored passwords in a pretty familiar fashion. Plenty of other services have taken the same approach (such as Dropbox, which we know from their breach), but it leaves a huge number of passwords exposed with the weak hashing algorithm. Wonder if we’ll see how many…
Well that didn’t take long. Dedicated website reporting on earnings by Twitch streamer: twitchearnings.com
If you created your Twitch account 6 years ago or more and haven’t changed your password since, there’s a pretty solid chance someone else will change it for you if hashes are released:
Found *some* email addresses in this breach. Only 2,455 of them contained in a phpBB3 backups folder. Very old (most recent is Dec 2009), let's see what else turns up.
Like pretty much every other major tech platform, Twitch reviews data breaches and compares to their own user base to identify accounts with reused credentials:
COVID in Australia: I’ve had a bunch of people from other parts of the world ask if we’re ok or in some cases, make derogatory comments from afar. Here’s what’s happening and what it’s actually like on the ground:
Geography first: we’re on a sparsely populated island in the middle of nowhere with a handful of major cities. Half as big again as Europe and almost the size of continental USA, but with only 25M people.
International border control is much easier than most of the world so for the most part, we locked the virus out and didn’t spread it too far when it hit. There were still outbreaks, but contained to various extents until more recently.
They're screen caps of AEs related to COVID vaccines and reported to the TGA. The page then provides the "full 73 page TGA vaccine adverse event and death report" as at 7 Aug. Without further context it seems this is intended to scare people regarding potential adverse reactions.
This is shady AF. Reading a bit further whilst writing this thread, it looks like it's well and truly already hit the news too: news.com.au/technology/uni…
I’m back! Went offline for most of the last week, pics and stories to follow 🐊
Alrighty, where do I even begin on this? It’s going to be a series of photos and vids of epic scenery so if that’s not your thing, tune out now. Otherwise… it’s off to the airport:
And that was the last we saw of a mask for a long time. The Northern Territory has been largely COVID free and felt… normal. We ended up there on “Territory Day” with @TimmyTrumpet DJ’ing on the beach with the balmy 34C winter sunset, and life was good 😊
“When users use a private window in Firefox, the connection to the requested domain will now default to HTTPS even if a user manually enters the HTTP protocol” zdnet.com/article/firefo…
Firefox 91 in private mode after attempting to load a site over the insecure scheme that refuses to do HTTPS. Welcome to the future, I like this 😊
Note that you can still access the site - nobody has killed HTTP here - you're just warned about there not being a secure connection. You can still decide to load it and take the chance.
I like the principle behind this and I’ve got a lot more confidence in Apple to do it in a privacy-centric fashion than others: arstechnica.com/tech-policy/20…
But some of the comments in there seem to really miss the mark, for example “Client-side scanning on one ‘end’ of the communication breaks the security of the transmission”. Huh? It’s being done outside the context of any transmission, how does it “break the security”?!
Or this one: “informing a third party (the parent) about the content of the communication undermines its privacy”. This is a cornerstone of parental controls, seeing what your kids are doing! The whole point is to limit their ability to sneak comms past parents.
For folks asking about the 8.4B record “RockYou2021” password list that’s in the news today, this is an aggregation of multiple other lists. For example, this password cracking list: crackstation.net/crackstation-w…
Among other things, it contains “every word in the Wikipedia databases” and words from the Project Gutenberg free ebook collection: gutenberg.org
Unlike the original 2009 RockYou data breach and consequent word list, these are not “pwned passwords”; it’s not a list of real world passwords compromised in data breaches, it’s just a list of words and the vast majority have *never* been passwords