"have i been pwned"

Largest dump in history: 2.7 billion records; 773 million of them unique; 140 million never seen before

A dump called "Collection #1" has been released by parties unknown, containing email addresses and cracked passwords: in its raw form, it contains 2.7 billion records, which Troy "Have I Been Pwned" Hunt (previously) de-duplicated to come up with 773 million unique records -- of those 140,000,000 email addresses and 10,000,000 passwords have never been seen in the HaveIBeenPwned database before.

Firefox Monitor: get alerts if your data shows up in a breach

Firefox Monitor is a new service from Mozilla that draws on data from Have I Been Pwned? (previously) to keep you informed when your data is breached and shows up online. The service also includes important advice, including "Treat security questions like extra passwords" by creating "long, random answers." It's good advice: certainly, it's easier to put into practice than convincing your mother to travel back in time and change her "maiden name."

Disqus breached 17.5 million user accounts in 2012, then did everything right about it in 2017

This weekend, we learned that Disqus -- the commenting system we once used here on Boing Boing -- suffered a breach in 2012 in which 17.5m user accounts (email addresses, signup names, account activity dates and some unsalted, weakly encrypted passwords) were stolen.

Download 306,000,000 cracked passwords and make sure you're not using one of them

Troy Hunt, proprietor of the Have I Been Pwned? service, has made 306,000,000 known-cracked passwords available as a download -- you can grab the set and make sure that yours isn't among them, as these cracked passwords are the ones that are likely being used by hackers when they do brute-force attacks against encrypted password files.

Security researchers repeatedly warned Kids Pass about bad security, only to be ignored and blocked

Kids Pass is a service that offers discounts on family activities in the UK; their website has several common -- and serious -- security problems that could allow hackers to capture their users' passwords, which endangers those users' data on other services where they have (unwisely) recycled those same passwords.

How companies should plan for, and respond to, security breaches

Troy Hunt, proprietor of the essential Have I Been Pwned (previously), sets out the hard lessons learned through years of cataloging the human costs of breaches from companies that overcollected their customers' data; undersecured it; and then failed to warn their customers that they were at risk.

Collapsing "connected toy" company did nothing while hackers stole millions of voice recordings of kids and parents

Spiral Toys -- a division of Mready, a Romanian electronics company that lost more than 99% of its market-cap in 2015 -- makes a line of toys called "Cloudpets," that use an app to allow parents and children to exchange voice-messages with one another. They exposed a database of millions of these messages, along with sensitive private information about children and parents, for years, without even the most basic password protections -- and as the company imploded, they ignored both security researchers and blackmailers who repeatedly contacted them to let them know that all this data was being stolen.

Social media site targeted at teen girls is leaking 5.5M+ passwords right now

I-Dressup is a social media site aimed at teen and tween girls, where users play and interact with fashion. Six days ago, Ars Technica's Dan Goodin contacted I-Dressup to tell them that they were leaking more than 5.5 million cleartext passwords, and that a hacker had already downloaded 2.2 million of them.

Decision to retain personally identifying information puts Australian census under threat

Without an accurate census, it's virtually impossible to make good national policy, which is why so many countries make census participation mandatory (when former Canadian Prime Minister Stephen "Dumpster Fire" Harper made the long-form census optional, statisticians and policy wonks quailed) -- which is why the Australian government's decision to collect and retain -- for 10 years -- personally identifying information on census participants is such a big deal.

Anal fisting site breached: 100K passwords, usernames, email addresses and IPs extracted

Rosebuttboard.com is a forum for people whose sexual activities include inserting large items into their anuses; the site has been breached by a hacker, who now has details on over 100,000 of its users.

Vtech breach dumps 4.8m families' information, toy security is to blame

Vtech is a ubiquitous Hong Kong-based electronic toy company whose kiddy tablets and other devices are designed to work with its cloud service, which requires parents to set up accounts for their kids. 4.8 million of those accounts were just breached, leaking a huge amount of potentially compromising information, from kids' birthdays and home addresses to parents' passwords and password hints.

New podcast on new forms of power in networked societies

Jamie King sez, "The Emergents Podcast, a new show from the creator of STEAL THIS FILM, considers the development of a new form of power inside our networked society. In this pilot episode (MP3), Peter Sunde (The Pirate Bay), Troy Hunt (Have I Been Pwned) and network security consultant Ella Saitta consider the Ashley Madison hack, strange 'network collectives' like Impact Team and the 'volatile, unstable, complex and arbitrary' world they're bringing into being."