home.social

#haveibeenpwned — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #haveibeenpwned, aggregated by home.social.

  1. ShinyHunters Breach Exposes 200,000 Zara Customers

    A massive data breach at fashion giant Zara has exposed the sensitive information of over 197,000 customers, including email addresses, order details, and support ticket info, after a hacking group called ShinyHunters gained unauthorized access to the company's systems. The breach was quickly contained, with parent company Inditex alerting authorities and…

    osintsights.com/shinyhunters-b

    #Shinyhunters #DataBreach #Zara #Inditex #Haveibeenpwned

  2. Class-action lawsuit with a free year of credit monitoring incoming in 3… 2… 1…
    Alas, as an Amtrak passenger who has had my share of train trouble and therefore support tickets, my info (name, email address, physical address, support ticket details) was included in this breach. 🤦
    haveibeenpwned.com/Breach/Amtr
    #infosec #breach #Amtrak #HaveIBeenPwned

  3. oh, I haven't seen this feature in Mozilla's Firefox before...
    nice.

    (but my account is deleted anyway, just the password was still in my Firefox - until now)

    #haveibeenpwned #facebook #passwords #databreach #mozilla #firefox

  4. Looks like the bad guys are using the email addresses harvested from the #CondéNast / #WIRED #breach. I just received this #phishing email on an #Addyio email address I've never used for anything else. I'll be deactivating the email address, of course.
    I like #Addyio, but there's one important feature it's missing: I really wish they would implement an integration with #HaveIBeenPwned.
    Ref: haveibeenpwned.com/Breach/WIRED
    FYI @troyhunt @zackwhittaker @briankrebs
    #spam #infosec #privacy

  9. RE: mastodon.social/@Tweakers/1161

    #Odido is dropping its own subscriber administration software and switching to the SaaS solution from #HaveIBeenPwned

    The migration appears to have been completed recently

  10. RE: infosec.exchange/@haveibeenpwn

    I’m part of this breach 😢

    I’m glad I changed my phone number, address, and credit card. My passwords are unique, thanks to #bitwarden and my self-hosted #vaultwarden.

    #haveibeenpwned

  11. RE: mastodon.social/@Matthijs85/11

    Due to poor security AND irresponsible handling by Odido, hundreds of thousands of BSNs (Dutch citizen service numbers) are out in the open.🤨
    Plus sensitive medical data, stalking cases, etc.😲
    And if they keep acting this way, it will be millions.🙄🤦‍♂️

    Check here whether you are already in it: haveibeenpwned.com/Breach/Odido
    #Odido #odidohack #haveibeenpwned #cybersecurity #cybersec

  12. Sooo, Epstein's email address has been part of 3 breaches according to #haveibeenpwned. One of them by a "social planning website for managing online invitations", where the breach contained data going "back to 2013".

    I hope the authorities had a look at what he did on that platform and who received such "online invitations". Just saying.

    #Epstein #Trump

  13. Looks like SoundCloud had a data breach.

    haveibeenpwned.com/Breach/Soun

    Fortunately no passwords were compromised, but the following were:

    #soundcloud #HaveIBeenPwned

  14. I just received an email from my "energy provider" (gas and electricity) informing me they were pwned and all my personal data (including my IBAN) was exfiltrated from their systems. Thank you, Energia XXI (which is actually Endesa, following the latest trend in the energy sector of renaming, because everybody is just so fucking fed up with them) doesn't show the breach yet.

  15. Have you checked your email address yet? 🔍 A new data leak at Instagram is causing unrest online. By scraping Instagram interfaces, cybercriminals have siphoned off the data of 6.2 million users and offered it for sale.

    To the article: heise.de/-11137222?wt_mc=sm.re

    #Datenschutz #Instagram #Datenleck #Cybersecurity #HaveIBeenPwned

  16. In early 2023 I made the mistake of asking #ChatGPT to help me with research on emoji.
    People were raging about it.
    That is how I found out about hallucinated content and links, before that lawyers' story broke.
    Most of the links led to non-existent Wired Magazine articles.
    So I signed up for a trial membership, curious whether the links might be behind the paywall.

    Yesterday #HaveIBeenPwned warned me about a data breach at #Wired.
    Since then I have been trying to have them delete my account.
    Condé Nast is not making that possible, which is against European law.

    They can't locate my account, nor delete it.
    Yet it has leaked along with 2.36 million other accounts.
    I can log in, but can't delete it.

    I did not expect that from a magazine that claims to be at the forefront of technology. 😡

  17. @haveibeenpwned It doesn't look good for them/Condé Nast that I was notified about this via #HaveIBeenPwned and not by them...

  18. According to @haveibeenpwned there was a data leak at #Wired (the magazine) - interesting that they haven't reached out yet and you find out through #HaveIBeenPwned. A few more details: haveibeenpwned.com/Breach/WIRED

  19. I am doing some password and account cleanup and I ran across a password that according to #HaveIBeenPwned got leaked _once_ (not more, not less) – now I'm intrigued where that password leaked from.

    Is there a reasonably easy way to check which data breach / leak included it?

    (I’m just curious, not doing any serious research.)

    #password #security

  20. That #Haveibeenpwned Synthient collection is great.
    You've been pwned!
    OK, now what? Which password? Which one should I change?
    ¯\_(ツ)_/¯
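Posts 19 and 20 both come down to the same question: how do you check a password against HIBP without handing the password over, and which of your stored passwords is the one that matched? The Pwned Passwords API answers this with k-anonymity: the client hashes the password with SHA-1, sends only the first five hex characters of the digest, receives every known hash suffix in that range with a prevalence count, and does the matching locally. The following is an added example, not code from any of the posts above or from HIBP itself. It targets the real endpoint https://api.pwnedpasswords.com/range/<prefix> (with the real `Add-Padding: true` header, which makes the server mix in zero-count filler entries that a client must discard), and it also runs offline against a constructed sample range body; the count attached to the suffix of SHA-1("password") in that sample is made up for illustration. One caveat the API itself imposes: it returns only how many times a password has been seen, never which breach it came from, so the "where did it leak from" part of post 19 cannot be answered from this endpoint.

```python
"""k-anonymity lookup against HIBP Pwned Passwords, with an offline sample.

Added example (not HIBP's or any poster's code). Only the 5-hex-character
SHA-1 prefix ever leaves the machine; the full digest is compared locally.
"""
import hashlib
import urllib.request
from typing import Callable, Dict, List, Tuple

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # real endpoint
PREFIX_LEN = 5


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the UTF-8 password, as HIBP stores it."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(digest: str) -> Tuple[str, str]:
    """Split a 40-char SHA-1 hex digest into (5-char prefix, 35-char suffix)."""
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def fetch_range_live(prefix: str) -> str:
    """Fetch one hash range from the real API. Needs network access."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "hibp-range-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")


# Constructed sample of a padded range response for prefix 5BAA6
# (SHA-1("password") = 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8).
# The other suffixes and all counts are invented for this example.
SAMPLE_RANGES: Dict[str, str] = {
    "5BAA6": "\r\n".join([
        "1D2E7A1F2E4B1B9B0B5A9E1F1D3C2B1A0FF:2",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:10434004",
        "1F0B4C6D2E3A9C8B7D6E5F4A3B2C1D0E9F8:0",  # padding entry
    ]),
}


def fetch_range_offline(prefix: str) -> str:
    """Stand-in for the network call so the example runs offline."""
    return SAMPLE_RANGES.get(prefix, "")


def parse_range(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines, dropping zero-count padding entries."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        n = int(count)
        if n > 0:  # Add-Padding filler rows carry a count of 0
            counts[suffix.upper()] = n
    return counts


def pwned_count(password: str, fetch: Callable[[str], str] = fetch_range_live) -> int:
    """Return how often HIBP has seen this password (0 = not found)."""
    prefix, suffix = split_hash(sha1_hex(password))
    return parse_range(fetch(prefix)).get(suffix, 0)


def triage(vault: Dict[str, str], fetch: Callable[[str], str] = fetch_range_live) -> List[Tuple[str, int]]:
    """Check every (label, password) pair; list the hits, worst first.

    This answers post 20's 'which one should I change?' without uploading
    a single password: each entry is checked with its own range query.
    """
    hits = [(label, pwned_count(pw, fetch)) for label, pw in vault.items()]
    return sorted(((l, c) for l, c in hits if c > 0), key=lambda t: -t[1])


if __name__ == "__main__":
    # Constructed mini-vault; swap fetch_range_offline for fetch_range_live
    # to query the real service.
    demo = {"old-forum": "password", "bank": "x"}
    for label, count in triage(demo, fetch_range_offline):
        print(f"{label}: seen {count} times - change it")
```

Because the server never sees more than a prefix shared by hundreds of real passwords, this is safe to run over an exported vault; the only data returned is a count, so tracing a hit back to a specific breach still requires the email-based breach search rather than this endpoint.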

  21. NEW 📢 Have I Been Pwned just added 1.96 billion accounts from the Synthient credential data. Check if your email or password is in the list. 🚨

    Read: hackread.com/have-i-been-pwned

    #CyberSecurity #HaveIBeenPwned #DataBreach #Passwords #Infosec

  22. With the latest data added to #haveIbeenpwned I found out that #Dropbox lost my credentials a second time. 😔

    So make sure to check #HIBP webpage with your email addresses and/or your domain to find out which services got hacked.

    So I just deleted all my Dropbox data (which I haven't used for 13 years because of #Syncthing) in their web interface, changed the password, added 2FA (TOTP) and unlinked all my (outdated) devices. Bye Dropbox! 👋

  23. I'm a bit annoyed by what's effectively a sales email process from #haveibeenpwned - notification that an email+password on my personal domain was found in the #Synthient breach. Follow the link, enter the address used to confirm domain ownership, wait for a second email, follow the link, get nothing useful just "Insufficient subscription. Only subscription-free breaches will be returned for this domain."

    I'm not feeling a need to pay $4.50/mo to find out which of my per-domain email addresses with unique passwords was breached, nor do I need to run 10 searches per minute.

  24. How you actually should respond to that “183 million credentials leak”

    There’s a new Forbes article floating around about the trove of 183 million credentials that were recently leaked to Have I Been Pwned. The article makes a big deal about the fact that there were “Gmail passwords confirmed” in the leak. Let’s break down why it’s a bad article and what you should have been told instead.

    The article makes a big deal of the fact that “Gmail passwords” were included in the leak without saying a single word about the fact that your Gmail password is also your Google password. Google Photos, Google Docs, Google Drive, any site you’ve used “log in with Google” on… all these are compromised if your “Gmail password” is. It’s kind of laughable that this article goes to some effort to fearmonger about compromised “Gmail passwords” when the problem it’s trying to scare people about is actually worse than it says it is.

    While the article understates the damage from the leak in that way, it overstates it in another. This article, and others that have reported about this leak, fails to provide the important context that if you practice decent device hygiene and your devices have not been compromised by infostealers, then none of your account passwords are in this leak. Furthermore, because we all have many accounts and infostealers vacuum up credentials from all of them, my guess is that you would have to divide that number by at least 3 or 4 to arrive at a reasonable estimate of the number of impacted people, which is far more relevant than the number of impacted accounts. Given that there are billions of people in the world who log into websites, and we’re talking maybe 20 million people affected by this leak, it’s actually pretty unlikely that you are.

    Once the article is finished both understating and overstating the problem it’s reporting on, it gets around to telling you what it thinks you should do about it, and it gets that wrong too.

    • When discussing how your password manager can help protect you against compromised passwords, it focuses entirely on the Chrome password manager; there isn’t a single word about how other password managers offer similar features and protections. Maybe the author should have done some real research and reporting here rather than just paraphrasing the press release Google sent him.
    • It focuses on people enabling 2-step verification on their Google accounts—again, just quoting from Google—rather than making it clear that they should be using strong two-factor authentication or passkeys for all of their accounts, wherever it is offered.
    • It makes a brief nod to the fact that you should not be reusing passwords on multiple websites without making explicit that the best way to do that is to use a password manager, which everyone should be doing; “if you are a user of the Chrome password manager” is not the same as “you should be using a password manager!”
    • It doesn’t say a single word about the fact that if your data is in this leak, then one of your devices was compromised, and you need to clean your devices and practice better device security practices in the future. Yes, how to do all this is beyond the scope of an article like this, but the article should at least mention it and link to some outside sources for more information.
    • While it does hint (under the misleading heading “What We Know About The 183 Million Passwords Data Leak”) that everyone should register with Have I Been Pwned to get notified automatically about breaches or leaks that impact them (well, aside from the ones HIBP is legally prohibited from warning you about), it is far less explicit about this than it should be.

    Here’s the TLDR

    • This isn’t just a Gmail problem.
    • Register at Have I Been Pwned if you haven’t already.
    • Practice good device security hygiene. Most importantly:
      • keep your OS and apps up-to-date;
      • keep your device security software enabled (macOS, Windows, iOS, and Android all have it built in; you probably don’t need to pay for a third-party antivirus tool);
      • keep the malware protections in your web browser enabled; and
      • if you keep important data locally on your device, back it up following the 3-2-1 rule.
    • Change your passwords for any of the sites HIBP says have been compromised, if you haven’t already. While you’re doing that, enable strong 2FA (not email or SMS) or set up a passkey.
    • Use strong 2FA or passkeys everywhere else.
    • Use a password manager for all of your passwords, and use long, random, unique passwords generated by the password manager.
    • Don’t invite hackers onto your device by falling for tech-support or ClickFix scams or enabling browser notifications from shady websites.

    *sigh* OK, that last point isn’t as obvious as the previous ones. I can’t with a straight face explain them in a section entitled “Here’s the TLDR”, so I suppose this article needs to be a bit longer…

    What are tech-support scams and how to avoid them

    If anyone you don’t know tells you they’re helping you fix a problem with your computer and they need you to give them remote access or run some commands they send you, they are almost certainly scammers and you absolutely should not do what they’re asking.

    If you suddenly see a pop-up on your computer telling you it’s compromised or broken and giving you a phone number you should call or a website you should visit for help getting it fixed, this is almost certainly a scam and you should ignore it. If they’ve managed to make the message fill up the whole screen and you can’t figure out how to get rid of it, then this is even more true. The flashier and louder the warning is, the more likely it is that it’s a scam.

    Do not ask the bad guys how to make the message go away. They will manipulate you into compromising your computer. Ask someone you know in person for help. If you don’t have anyone to ask, call Geek Squad and ask them to come out and help you and show you how to get rid of the messages yourself next time. Believe me, paying Geek Squad a couple hundred dollars is preferable to giving hackers the run of your computer.

    Also don’t fall for it if someone calls you randomly on the phone and tells you they’re from “tech support” or Microsoft or Apple or Google or whatever and they’ve detected a problem with your computer and they’re calling you to help you fix it. No one calling you on the phone to tell you they’ve detected a problem with your computer is legitimate.

    What are ClickFix scams and how to avoid them

    If a message pops up on your computer saying you need to copy and paste a command into a command prompt, the Windows run prompt (Command-R), your browser’s developer console, etc. to fix something, or to get through an “are you human?” check, it is a scam and you shouldn’t do it. The website you’re visiting is compromised, and the people who compromised the website are now trying to compromise your device as well.

    These attacks often show you an innocent-looking command they’re telling you to copy and paste and say “Click here to copy this command,” but in fact when you “click here” it copies a malicious command that’s different from what they showed you. If you find that a bit difficult to grasp, think about the fact that this link doesn’t point to a website called “this link”.

    Stop enabling crappy browser push notifications, just stop

    There are a lot of shady websites out there trying to trick you into visiting them instead of the legitimate website you actually intended to visit. And for many of these shady websites, the very first thing they will do when you visit their homepage is pop up a message asking you to let them send you notifications. The pop-up often doesn’t even use the word “notifications”, it uses exciting, useful-sounding language, e.g., “Click here to keep getting important news updates!”

    If you’re the kind of person who tends to end up on these shady websites and say yes when asked to allow notifications, then you probably already know it, because you’re probably already getting notifications from them constantly.

    Stop letting them do that to you.

    These constant notifications are literally unhealthy, but aside from that, they’re also a security risk, because they are often used as a vector for tech-support and ClickFix scams.

    You don’t need the notifications. You don’t need the constant dopamine hits. They are not healthy or safe.

    Every browser is a little different, but you can search for, e.g., “Edge disable push notifications” or “Chrome disable push notifications” to find out how to turn off these notifications for the browser you use.

    If you are absolutely certain there is a completely legitimate website you want to allow push notifications from, you can enable notifications manually for that specific website. This is usually accomplished by clicking a button or something to the left of the website URL at the top of the browser window to view and update the browser settings for this particular website.

    #2fa #breach #ClickFixScam #Forbes #Gmail #Google #HaveIBeenPwned #HIBP #passkeys #pushNotifications #techSupportScam

  25. 183 million stolen credentials from the Synthient Stealer log have just been added to #HaveIBeenPwned. If your email is listed act now: change your passwords, enable 2-step verification and ditch browser-saved logins. 🔒

    Read: hackread.com/synthient-stealer

    #CyberSecurity #DataBreach #Infostealer #PasswordSafety

  26. #pihole apparently also had to endure an attack. #mozillamonitor and #haveibeenpwned sent out a notice last night. Apparently only the donation process was compromised.
    Now I know why I have been receiving so much spam/phishing in recent days.

    pi-hole.net/blog/2025/07/30/co