Troy Hunt
@troyhunt.com
Creator of Have I Been Pwned. Microsoft Regional Director. Pluralsight author. Online security, technology and “The Cloud”. Australian.
Reposted by Troy Hunt
New breach: Online coding practice tool CodeStepByStep had 17k records breached last week. Data included name, username and email address. 61% were already in @haveibeenpwned.com . Read more: haveibeenpwned.com/Breach/CodeS...
Have I Been Pwned: CodeStepByStep Data Breach
In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records. The impacted data included names, usernames and email addresses.
haveibeenpwned.com
November 23, 2025 at 5:57 AM
New breach: Online coding practice tool CodeStepByStep had 17k records breached last week. Data included name, username and email address. 61% were already in @haveibeenpwned.com . Read more: haveibeenpwned.com/Breach/CodeS...
Weekly update is up! Record (?) HIBP Traffic Month; The Week in Breaches; IoT Water Meter Reader with Home Assistant and AI www.troyhunt.com/weekly-updat...
Weekly Update 479
I gave up on the IoT water meter reader. Being technical and thinking you can solve everything with technology is both a blessing and a curse; dogged persistence has given me the life I have today,…
www.troyhunt.com
November 23, 2025 at 5:46 AM
Weekly update is up! Record (?) HIBP Traffic Month; The Week in Breaches; IoT Water Meter Reader with Home Assistant and AI www.troyhunt.com/weekly-updat...
Reposted by Troy Hunt
New breach: In March, 1.8M records allegedly obtained from the ADDA housing societies service was posted to a public hacking forum. Data included email, name, phone and MD5 password hash. 67% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/Breach/ADDA
Have I Been Pwned: ADDA Data Breach
In March 2025, data allegedly breached from the ADDA housing societies service was posted to a public hacking forum. The data contained over 1.8M unique email addresses along with names, phone numbers...
haveibeenpwned.com
November 23, 2025 at 1:24 AM
New breach: In March, 1.8M records allegedly obtained from the ADDA housing societies service was posted to a public hacking forum. Data included email, name, phone and MD5 password hash. 67% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/Breach/ADDA
Big thanks to @1password.bsky.social for sponsoring my blog this week. 1Password Extended Access Management: Secure every sign-in for every app on every device. 1password.com/troyhunt
SaaS Governance: Discover, govern, and optimize SaaS spending with Trelica by 1Password | 1Password
Modern SaaS governance is complex. Trelica by 1Password solves these challenges by providing deep visibility, automation & actionable insights to reduce risk.
1password.com
November 22, 2025 at 2:04 AM
Big thanks to @1password.bsky.social for sponsoring my blog this week. 1Password Extended Access Management: Secure every sign-in for every app on every device. 1password.com/troyhunt
Going live with my weekly vid in 15 mins! Record (?) HIBP Traffic Month; The Week in Breaches; IoT Water Meter Reader with Home Assistant and AI youtube.com/live/h4lzcex...
Weekly Update 479
Record (?) HIBP Traffic Month; The Week in Breaches; IoT Water Meter Reader with Home Assistant and AI; Sponsored by 1Password
youtube.com
November 20, 2025 at 11:15 PM
Going live with my weekly vid in 15 mins! Record (?) HIBP Traffic Month; The Week in Breaches; IoT Water Meter Reader with Home Assistant and AI youtube.com/live/h4lzcex...
Reposted by Troy Hunt
New breach: The International Kiteboarding Organization had 340k records breached this month. Data included email address, name, username and geolocation. 70% were already in @haveibeenpwned.com . Read more: haveibeenpwned.com/Breach/IKO
Have I Been Pwned: International Kiteboarding Organization Data Breach
In November 2025, the International Kiteboarding Organization suffered a data breach that exposed 340k user records. The data was subsequently listed for sale on a hacking forum and included email add...
haveibeenpwned.com
November 20, 2025 at 10:52 PM
New breach: The International Kiteboarding Organization had 340k records breached this month. Data included email address, name, username and geolocation. 70% were already in @haveibeenpwned.com . Read more: haveibeenpwned.com/Breach/IKO
Reposted by Troy Hunt
New breach: Beckett Collectibles experienced a breach and website content defacement this month. A portion of the data leaked publicly, including more than 500k alleged North American email addresses. 84% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/Breach/Beckett
Have I Been Pwned: Beckett Collectibles Data Breach
In November 2025, Beckett Collectibles experienced a data breach accompanied by website defacement. The stolen data was later advertised for sale on a prominent hacking forum, with portions subsequent...
haveibeenpwned.com
November 20, 2025 at 5:49 AM
New breach: Beckett Collectibles experienced a breach and website content defacement this month. A portion of the data leaked publicly, including more than 500k alleged North American email addresses. 84% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/Breach/Beckett
Reposted by Troy Hunt
New breach: Eurofiber France had 10k unique email addresses breached last week in an attack on its ticket management platform. Some records also included name and phone number. 33% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/Breach/Eurof...
Have I Been Pwned: Eurofiber Data Breach
In November 2025, Eurofiber France disclosed a data breach of its ticket management platform. Data containing 10k unique email addresses and a smaller number of names and phone numbers was subsequentl...
haveibeenpwned.com
November 20, 2025 at 2:52 AM
New breach: Eurofiber France had 10k unique email addresses breached last week in an attack on its ticket management platform. Some records also included name and phone number. 33% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/Breach/Eurof...
Reposted by Troy Hunt
New breach: Vultr had 188k email addresses breached via a security incident at a third-party in 2022. Some records also contained name, IP and country. 44% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/Breach/Vultr
Have I Been Pwned: Vultr Data Breach
In March 2023, the "AI-first global cloud platform" Vultr disclosed a security incident at a third-party vendor. Dating back to the previous year, the incident was attributed to the ActiveCampaign ema...
haveibeenpwned.com
November 20, 2025 at 1:29 AM
New breach: Vultr had 188k email addresses breached via a security incident at a third-party in 2022. Some records also contained name, IP and country. 44% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/Breach/Vultr
We’ve had an absolutely MASSIVE month at @haveibeenpwned.com! 20M visitors, billions of processed records, a major rewrite of our ingestion pipeline (thanks @stebet.net!) and seemingly endless support tickets and other enquires. Every time I think it’s peaked…
November 19, 2025 at 8:18 PM
We’ve had an absolutely MASSIVE month at @haveibeenpwned.com! 20M visitors, billions of processed records, a major rewrite of our ingestion pipeline (thanks @stebet.net!) and seemingly endless support tickets and other enquires. Every time I think it’s peaked…
Weekly update is up! Home Sweet Home; Lessons From Processing Those 2B Email Addresses; I Spoke at Europol in The Hague; Operation Endgame 3.0 www.troyhunt.com/weekly-updat...
Weekly Update 478
This week, it was an absolute privilege to be at Europol in The Hague, speaking about cyber offenders and at the InterCOP conference and spending time with some of the folks involved in the Operation…
www.troyhunt.com
November 16, 2025 at 11:33 PM
Weekly update is up! Home Sweet Home; Lessons From Processing Those 2B Email Addresses; I Spoke at Europol in The Hague; Operation Endgame 3.0 www.troyhunt.com/weekly-updat...
Big thanks to Malwarebytes for sponsoring my blog this week! Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing www.malwarebytes.com/browserguard...
Browser Guard: 100% free ad blocker browser extension
Malwarebytes Browser Guard for Chrome, Firefox, Safari and Edge helps protect your online privacy from ad trackers and more.
www.malwarebytes.com
November 15, 2025 at 1:58 AM
Big thanks to Malwarebytes for sponsoring my blog this week! Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing www.malwarebytes.com/browserguard...
Going live with my weekly vid in half an hour! Home Sweet Home; Lessons From Processing Those 2B Email Addresses; I Spoke at Europol in The Hague; Operation Endgame 3.0 youtube.com/live/B46JhYw...
Weekly Update 478
Home Sweet Home; Lessons From Processing Those 2B Email Addresses; I Spoke at Europol in The Hague; Operation Endgame 3.0; Sponsored by Malwarebytes
youtube.com
November 14, 2025 at 10:30 PM
Going live with my weekly vid in half an hour! Home Sweet Home; Lessons From Processing Those 2B Email Addresses; I Spoke at Europol in The Hague; Operation Endgame 3.0 youtube.com/live/B46JhYw...
Weekly update is up: I’m in Belgium! Here’s everything that went wrong with loading 2 billion breached email addresses… www.troyhunt.com/weekly-updat...
Weekly Update 477
What. A. Week. It wasn't just the preceding weeks of technical pain as we tried to work out how to get this data loaded, it was all the subsequent queries we had to deal with too. Some of them are…
www.troyhunt.com
November 12, 2025 at 11:31 PM
Weekly update is up: I’m in Belgium! Here’s everything that went wrong with loading 2 billion breached email addresses… www.troyhunt.com/weekly-updat...
Going live with my weekly vid in 10 mins: I’m in Belgium! Here’s reaching that went wrong with loading 2 billion breached email addresses…
Weekly Update 477
I’m in Belgium! Here’s reaching that went wrong with loading 2 billion breached email addresses…
www.youtube.com
November 9, 2025 at 7:50 AM
Going live with my weekly vid in 10 mins: I’m in Belgium! Here’s reaching that went wrong with loading 2 billion breached email addresses…
Reposted by Troy Hunt
New sensitive breach: Hungarian political party TISZA suffered a breach of its TISZA Világ platform last month, exposing 200k records, later published online. Data included email, name, phone & physical address. 41% were already in @haveibeenpwned.com. More: haveibeenpwned.com/Breach/Tisza
Have I Been Pwned: TISZA Világ Data Breach
In November 2025, data breached from the Hungarian political party TISZA was extensively redistributed online. Stemming from a compromise of the TISZA Világ service the previous month, the breach expo...
haveibeenpwned.com
November 8, 2025 at 10:11 AM
New sensitive breach: Hungarian political party TISZA suffered a breach of its TISZA Világ platform last month, exposing 200k records, later published online. Data included email, name, phone & physical address. 41% were already in @haveibeenpwned.com. More: haveibeenpwned.com/Breach/Tisza
Reposted by Troy Hunt
New credential stuffing data: Synthient aggregated billions of threat data records from social media, forums, Tor and Telegram. Data included 2B unique email addresses and 1.3B unique passwords. 76% of emails were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/Breach/Synth...
Have I Been Pwned: Synthient Credential Stuffing Threat Data Data Breach
During 2025, the threat-intelligence firm Synthient aggregated 2 billion unique email addresses disclosed in credential-stuffing lists found across multiple malicious internet sources. Comprised of em...
haveibeenpwned.com
November 6, 2025 at 5:15 AM
New credential stuffing data: Synthient aggregated billions of threat data records from social media, forums, Tor and Telegram. Data included 2B unique email addresses and 1.3B unique passwords. 76% of emails were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/Breach/Synth...
This has been an extraordinary set of data to process: 1.3B unique passwords, 2B unique email addresses (including mine 😭) and almost 3M of our @haveibeenpwned.com subscribers in there. It’s been weeks of processing to get this loaded, and finally, it’s done www.troyhunt.com/2-billion-em...
2 Billion Email Addresses Were Exposed, and We Indexed Them All in Have I Been Pwned
I hate hyperbolic news headlines about data breaches, but for the "2 Billion Email Addresses" headline to be hyperbolic, it'd need to be exaggerated or overstated - and it isn't. It's rounded up from ...
www.troyhunt.com
November 6, 2025 at 5:09 AM
This has been an extraordinary set of data to process: 1.3B unique passwords, 2B unique email addresses (including mine 😭) and almost 3M of our @haveibeenpwned.com subscribers in there. It’s been weeks of processing to get this loaded, and finally, it’s done www.troyhunt.com/2-billion-em...
Weekly update is up! I’m in Norway; Loading 1,957,476,021 Breached Email Addresses is Hard; Qantas Data Continues to Spread; PC Build Thread www.troyhunt.com/weekly-updat...
Weekly Update 476
The 2 billion email address stealer log breach I talk about this week is almost ready to go at the time of writing. It's been massively time-consuming, massively expensive (we turned the cloud up to…
www.troyhunt.com
November 3, 2025 at 11:03 PM
Weekly update is up! I’m in Norway; Loading 1,957,476,021 Breached Email Addresses is Hard; Qantas Data Continues to Spread; PC Build Thread www.troyhunt.com/weekly-updat...
Going live with my weekly vid in 15 minutes! I’m in Norway; Loading 1,957,476,021 Breached Email Addresses is Hard; Qantas Data Continues to Spread; PC Build Thread youtube.com/live/etA4EWZ...
Troy Hunt is live
I’m in Norway; Loading 1,957,476,021 Breached Email Addresses is Hard; Qantas Data Continues to Spread; PC Build Thread
youtube.com
October 31, 2025 at 3:15 PM
Going live with my weekly vid in 15 minutes! I’m in Norway; Loading 1,957,476,021 Breached Email Addresses is Hard; Qantas Data Continues to Spread; PC Build Thread youtube.com/live/etA4EWZ...
Reposted by Troy Hunt
Cybersecurity experts are warning that injunctions – an increasingly popular legal tactic flaunted as protecting data breach victims – are putting people at greater risk of cybercrime.
More from @troyhunt.com, Cythera's Euan Prentice, Dvuln's Jamieson O'Reilly and Cyber Cognition's Michael Collins.
More from @troyhunt.com, Cythera's Euan Prentice, Dvuln's Jamieson O'Reilly and Cyber Cognition's Michael Collins.
Cyber injunctions put victims at risk, experts warn
Qantas stands by controversial legal tactic.
ia.acs.org.au
October 27, 2025 at 3:54 AM
Cybersecurity experts are warning that injunctions – an increasingly popular legal tactic flaunted as protecting data breach victims – are putting people at greater risk of cybercrime.
More from @troyhunt.com, Cythera's Euan Prentice, Dvuln's Jamieson O'Reilly and Cyber Cognition's Michael Collins.
More from @troyhunt.com, Cythera's Euan Prentice, Dvuln's Jamieson O'Reilly and Cyber Cognition's Michael Collins.
Uh, who’s gonna tell them? “We felt the injunction was an important course of action to further protect our customers and so far, it has been effective in preventing the stolen data being accessed, released or published by third parties”
Cybersecurity experts are warning that injunctions – an increasingly popular legal tactic flaunted as protecting data breach victims – are putting people at greater risk of cybercrime.
More from @troyhunt.com, Cythera's Euan Prentice, Dvuln's Jamieson O'Reilly and Cyber Cognition's Michael Collins.
More from @troyhunt.com, Cythera's Euan Prentice, Dvuln's Jamieson O'Reilly and Cyber Cognition's Michael Collins.
Cyber injunctions put victims at risk, experts warn
Qantas stands by controversial legal tactic.
ia.acs.org.au
October 27, 2025 at 10:11 AM
Uh, who’s gonna tell them? “We felt the injunction was an important course of action to further protect our customers and so far, it has been effective in preventing the stolen data being accessed, released or published by third parties”
A strange Chromium bug triggered by a CSP directive that caused a crash went unsolved for months, and we had the data right in front of us in Report URI to explain why it was happening 😮 www.troyhunt.com/how-we-almos...
How We (Almost) Found Chromium's Bug via Crash Reports to Report URI
Tracking down bugs in software is a pain that all of us who write code must bear. When we're talking about outright errors in a web page, you typically have something to get you started (such as…
www.troyhunt.com
October 27, 2025 at 9:11 AM
A strange Chromium bug triggered by a CSP directive that caused a crash went unsolved for months, and we had the data right in front of us in Report URI to explain why it was happening 😮 www.troyhunt.com/how-we-almos...
Reposted by Troy Hunt
New breach: Last week, MyVidster had almost 4M user records posted to a public hacking forum. Data included email address, username and in some cases, profile photo. 38% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/breach/MyVid...
Have I Been Pwned: MyVidster (2025) Data Breach
In October 2025, the data of almost 4M MyVidster users was posted to a public hacking forum. Separate to the 2015 breach, this incident exposed usernames, email addresses and in a small number of case...
haveibeenpwned.com
October 27, 2025 at 2:45 AM
New breach: Last week, MyVidster had almost 4M user records posted to a public hacking forum. Data included email address, username and in some cases, profile photo. 38% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/breach/MyVid...
Weekly update is up! Impending Travel; PC Build Spec Thread; The Synthient Threat Data; Pwned Passwords Passes 17 Billion Monthly Requests www.troyhunt.com/weekly-updat...
Weekly Update 475
It was the Synthient threat data that ate most of my time this week, and it continues to do so now, the weekend after recording this video. Data like this is equal parts enormously damaging to…
www.troyhunt.com
October 26, 2025 at 1:22 AM
Weekly update is up! Impending Travel; PC Build Spec Thread; The Synthient Threat Data; Pwned Passwords Passes 17 Billion Monthly Requests www.troyhunt.com/weekly-updat...