How to get URL link on X (Twitter) App
https://twitter.com/haveibeenpwned/status/1794489234403037253Firstly, this has come after @zackwhittaker's article which boils down to "it's stalkerware and it has appeared in a bunch of hotels it maybe shouldn't have and we know this because it has vulns disclosing what's captured and the company isn't responding" techcrunch.com/2024/05/22/spy…
https://twitter.com/haveibeenpwned/status/1788752687389147557Then there are the 3 different classes of data set published at the bottom of the defacement, let's go through each by file name:
https://twitter.com/BleepinComputer/status/1752460897031684343Firstly on the legitimacy of the data, a bunch of things don't add up. The most obvious one is that the email addresses and usernames bear no resemblance to the corresponding people names. For example:
https://twitter.com/haveibeenpwned/status/1700054245192417566What's not as clear from the story is the extent to which the data was already circulating before I was able to get in touch with them. Multiple Telegram channels and a popular *clear web* (not dark web) forum were broadly circulating the data.
https://twitter.com/troyhunt/status/1657900036024602625I went with the newer ones from the US as they were smaller, looked a lot neater, support Matter (with a coming add on module) and only took a few days for shipping. They look *great*!
https://twitter.com/haveibeenpwned/status/1611109572550471680Later on today, I'll run a sample set of the data and see if there's any obvious patterns as to where this data come from, but I suspect it'll be credential stuffing lists such as Collection #1.
https://twitter.com/haveibeenpwned/status/1592336455527194628Firstly, there was no response to attempted disclosure via their contact form, no security.txt file and no joy reaching out via Twitter
https://twitter.com/troyhunt/status/1589837012634587136