Troy Hunt: Have I Been Pwned

<!doctype html> <html class="no-js" lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title>Troy Hunt: Have I Been Pwned - Troy Hunt</title> <meta name="description" content=""> <meta name="HandheldFriendly" content="True" /> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="https://www.troyhunt.com/assets/css/main.min.css?v=e63fb51e30"> <link href="//fonts.googleapis.com/css?family=Vollkorn:400,400italic,700,700italic" rel="stylesheet" type="text/css"> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css" integrity="sha512-DTOQO9RWCH3ppGqcWaEA1BIZOC6xxalwEsw9c2QQeAIftl+Vegovlnee1c9QX4TctnWMn13TZye+giMm8e2LwA==" crossorigin="anonymous" referrerpolicy="no-referrer" /> <link rel="icon" href="https://www.troyhunt.com/content/images/size/w256h256/2021/12/Troy-Hunt-LM-0059_square.png" type="image/png"> <link rel="canonical" href="https://www.troyhunt.com/tag/have-i-been-pwned-3f/"> <meta name="referrer" content="no-referrer-when-downgrade"> <link rel="next" href="https://www.troyhunt.com/tag/have-i-been-pwned-3f/page/2/"> <meta property="og:site_name" content="Troy Hunt"> <meta property="og:type" content="website"> <meta property="og:title" content="Have I Been Pwned - Troy Hunt"> <meta property="og:description" content="Hi, I'm Troy Hunt, I write this blog, run "Have I Been Pwned" and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals"> <meta property="og:url" content="https://www.troyhunt.com/tag/have-i-been-pwned-3f/"> <meta property="og:image" content="https://www.troyhunt.com/content/images/2017/01/1.jpg"> <meta property="article:publisher" content="https://www.facebook.com/troyahunt"> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:title" content="Have I Been Pwned - Troy Hunt"> <meta name="twitter:description" content="Hi, I'm Troy Hunt, I write this blog, run "Have I Been Pwned" and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals"> <meta name="twitter:url" content="https://www.troyhunt.com/tag/have-i-been-pwned-3f/"> <meta name="twitter:image" content="https://www.troyhunt.com/content/images/2017/01/1.jpg"> <meta name="twitter:site" content="@troyhunt"> <meta property="og:image:width" content="1200"> <meta property="og:image:height" content="640"> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "Series", "publisher": { "@type": "Organization", "name": "Troy Hunt", "url": "https://www.troyhunt.com/", "logo": { "@type": "ImageObject", "url": "https://www.troyhunt.com/content/images/2016/04/Troy-Hunt-Profile-Photo.jpg", "width": 60, "height": 60 } }, "url": "https://www.troyhunt.com/tag/have-i-been-pwned-3f/", "name": "Have I Been Pwned", "mainEntityOfPage": "https://www.troyhunt.com/tag/have-i-been-pwned-3f/" } </script> <meta name="generator" content="Ghost 5.101"> <link rel="alternate" type="application/rss+xml" title="Troy Hunt" href="https://www.troyhunt.com/rss/"> <script defer src="https://cdn.jsdelivr.net/ghost/portal@~2.46/umd/portal.min.js" data-i18n="true" data-ghost="https://www.troyhunt.com/" data-key="5e03cd80efbea6ff26214a466b" data-api="https://troyhunt.ghost.io/ghost/api/content/" data-locale="en" crossorigin="anonymous"></script><style id="gh-members-styles">.gh-post-upgrade-cta-content, .gh-post-upgrade-cta { display: flex; flex-direction: column; align-items: center; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif; text-align: center; width: 100%; color: #ffffff; font-size: 16px; } .gh-post-upgrade-cta-content { border-radius: 8px; padding: 40px 4vw; } .gh-post-upgrade-cta h2 { color: #ffffff; font-size: 28px; letter-spacing: -0.2px; margin: 0; padding: 0; } .gh-post-upgrade-cta p { margin: 20px 0 0; padding: 0; } .gh-post-upgrade-cta small { font-size: 16px; letter-spacing: -0.2px; } .gh-post-upgrade-cta a { color: #ffffff; cursor: pointer; font-weight: 500; box-shadow: none; text-decoration: underline; } .gh-post-upgrade-cta a:hover { color: #ffffff; opacity: 0.8; box-shadow: none; text-decoration: underline; } .gh-post-upgrade-cta a.gh-btn { display: block; background: #ffffff; text-decoration: none; margin: 28px 0 0; padding: 8px 18px; border-radius: 4px; font-size: 16px; font-weight: 600; } .gh-post-upgrade-cta a.gh-btn:hover { opacity: 0.92; }</style> <script defer src="https://cdn.jsdelivr.net/ghost/sodo-search@~1.5/umd/sodo-search.min.js" data-key="5e03cd80efbea6ff26214a466b" data-styles="https://cdn.jsdelivr.net/ghost/sodo-search@~1.5/umd/main.css" data-sodo-search="https://troyhunt.ghost.io/" data-locale="en" crossorigin="anonymous"></script> <link href="https://www.troyhunt.com/webmentions/receive/" rel="webmention"> <script defer src="/public/cards.min.js?v=e63fb51e30"></script> <link rel="stylesheet" type="text/css" href="/public/cards.min.css?v=e63fb51e30"> <script defer src="/public/member-attribution.min.js?v=e63fb51e30"></script><style>:root {--ghost-accent-color: #15171A;}</style> <a rel="me" href="https://infosec.exchange/@troyhunt">Mastodon</a> <script async src="https://www.googletagmanager.com/gtag/js?id=G-B895JNTH7Z"></script> <script type="text/javascript">function gtag(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],gtag("js",new Date),gtag("config","G-B895JNTH7Z");</script> </head> <body class="tag-template tag-have-i-been-pwned-3f"> <div id="container"> <div class="header_block container"> <div class="header"> <button class="header_navMenu_button i-menu" id="open-button"></button> <div class="header_navMenu_wrap"> <nav role="navigation"> <ul class="header_navMenu"> <li class="navMenu_list" role="presentation"> <a class="navMenu_link" href="https://www.troyhunt.com/">Home</a> </li> <li class="navMenu_list" role="presentation"> <a class="navMenu_link" href="https://www.troyhunt.com/workshops/">Workshops</a> </li> <li class="navMenu_list" role="presentation"> <a class="navMenu_link" href="https://www.troyhunt.com/speaking/">Speaking</a> </li> <li class="navMenu_list" role="presentation"> <a class="navMenu_link" href="https://www.troyhunt.com/media/">Media</a> </li> <li class="navMenu_list" role="presentation"> <a class="navMenu_link" href="https://www.troyhunt.com/about/">About</a> </li> <li class="navMenu_list" role="presentation"> <a class="navMenu_link" href="https://www.troyhunt.com/contact/">Contact</a> </li> <li class="navMenu_list" role="presentation"> <a class="navMenu_link" href="https://www.troyhunt.com/sponsorship/">Sponsor</a> </li> </ul> </nav> </div> <div class="header_socialIcons light"> <ul> <li class="socialIcons_link"> <a class="fa-brands fa-x-twitter" href="https://twitter.com/troyhunt"></a> </li> <li class="socialIcons_link"> <a class="fa-brands fa-facebook-f" href="https://www.facebook.com/troyahunt"></a> </li> <li class="socialIcons_link"> <a class="fa-brands fa-linkedin-in" href="https://www.linkedin.com/in/troyhunt"></a> </li> <li class="socialIcons_link"> <a class="fa-brands fa-youtube" href="https://www.youtube.com/user/troyhuntdotcom"></a> </li> <li class="socialIcons_link"> <a class="fa fa-rss" href="https://feeds.feedburner.com/TroyHunt"></a> </li> </ul> </div> </div> </div> <div class="sponsor_bar content"> <p id="sponsor_message"><strong>Sponsored by:</strong> <i class="fa fa-circle-o-notch fa-spin fa-3x fa-fw"></i></p> </div> <div class="tags"> <article class="tags_item wrap container"> <header class="tags_head"> <h1>Have I Been Pwned</h1> </header> <section class="tags_description"> <p>A 195-post collection</p> </section> </article> </div> <div class="main-wrapper"> <div class="content-wrapper"> <div class="article container"> <article class="article_content wrap" itemscope itemtype="http://schema.org/BlogPosting" role="article"> <header class="post_head post"> <h2 class="post_title"><a href="/closer-to-the-edge-hyperscaling-have-i-been-pwned-with-cloudflare-workers-and-caching/">Closer to the Edge: Hyperscaling Have I Been Pwned with Cloudflare Workers and Caching</a></h2> <time datetime="21 November 2024">21 November 2024</time> </header> <section class="article_text post"> <p itemprop="description">I've spent more than a decade now writing about how to make Have I Been Pwned (HIBP) fast. Really fast. Fast to the extent that sometimes, it was even too fast: The response from each search was coming back so quickly that the user wasn’t sure if it was legitimately checking subsequent addresses they entered or if there was a glitch. Over the years, the service has evolved to use emerging new techniques to not just make things fast, but make them scale more under load, increase availability an... <a href="/closer-to-the-edge-hyperscaling-have-i-been-pwned-with-cloudflare-workers-and-caching/" class="article_link-more fa fa-long-arrow-right"></a> </p> </section> <footer class="post_tag"> <a class="tag" href="/tag/have-i-been-pwned-3f/">Have I Been Pwned</a> <a class="tag" href="/tag/cloudflare/">Cloudflare</a> <a class="tag" href="/tag/azure/">Azure</a> </footer> </article> </div> <div class="article container"> <article class="article_content wrap" itemscope itemtype="http://schema.org/BlogPosting" role="article"> <header class="post_head post"> <h2 class="post_title"><a href="/inside-the-demandscience-by-pure-incubation-data-breach/">Inside the DemandScience by Pure Incubation Data Breach</a></h2> <time datetime="13 November 2024">13 November 2024</time> </header> <section class="article_text post"> <p itemprop="description">Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I knew I'd seen a metric about this sometime recently, so I went looking for "7,000", which perfectly illustrates how unaware we are of the extent of data collection on all of us. I started Have I Been Pwned (HIBP) in the first place because I was surprised at where my data had turned up in breaches. 11 years and 14 billion breached records later, I'm still surprised! Jason (not... <a href="/inside-the-demandscience-by-pure-incubation-data-breach/" class="article_link-more fa fa-long-arrow-right"></a> </p> </section> <footer class="post_tag"> <a class="tag" href="/tag/have-i-been-pwned-3f/">Have I Been Pwned</a> </footer> </article> </div> <div class="article container"> <article class="article_content wrap" itemscope itemtype="http://schema.org/BlogPosting" role="article"> <header class="post_head post"> <h2 class="post_title"><a href="/the-data-breach-disclosure-conundrum/">The Data Breach Disclosure Conundrum</a></h2> <time datetime="28 September 2024">28 September 2024</time> </header> <section class="article_text post"> <p itemprop="description">The conundrum I refer to in the title of this post is the one faced by a breached organisation: disclose or suppress? And let me be even more specific: should they disclose to impacted individuals, or simply never let them know? I'm writing this after many recent such discussions with breached organisations where I've found myself wishing I had this blog post to point them to, so, here it is. Let's start with tackling what is often a fundamental misunderstanding about disclosure obligations, an... <a href="/the-data-breach-disclosure-conundrum/" class="article_link-more fa fa-long-arrow-right"></a> </p> </section> <footer class="post_tag"> <a class="tag" href="/tag/security/">Security</a> <a class="tag" href="/tag/have-i-been-pwned-3f/">Have I Been Pwned</a> </footer> </article> </div> <div class="article container"> <article class="article_content wrap" itemscope itemtype="http://schema.org/BlogPosting" role="article"> <header class="post_head post"> <h2 class="post_title"><a href="/begging-for-bounties-and-more-info-stealer-logs/">Begging for Bounties and More Info Stealer Logs</a></h2> <time datetime="01 August 2024">01 August 2024</time> </header> <section class="article_text post"> <p itemprop="description">TL;DR — Tens of millions of credentials obtained from info stealer logs populated by malware were posted to Telegram channels last month and used to shake down companies for bug bounties under the misrepresentation the data originated from their service. How many attempted scams do you get each day? I woke up to yet another "redeem your points" SMS this morning, I'll probably receive a phone call from "my bank" today (edit: I was close, it was "Amazon Prime" 🤷‍♂️) and don't even get me started... <a href="/begging-for-bounties-and-more-info-stealer-logs/" class="article_link-more fa fa-long-arrow-right"></a> </p> </section> <footer class="post_tag"> <a class="tag" href="/tag/have-i-been-pwned-3f/">Have I Been Pwned</a> <a class="tag" href="/tag/report-uri/">Report URI</a> </footer> </article> </div> <div class="article container"> <article class="article_content wrap" itemscope itemtype="http://schema.org/BlogPosting" role="article"> <header class="post_head post"> <h2 class="post_title"><a href="/telegram-combolists-and-361m-email-addresses/">Telegram Combolists and 361M Email Addresses</a></h2> <time datetime="04 June 2024">04 June 2024</time> </header> <section class="article_text post"> <p itemprop="description">Last week, a security researcher sent me 122GB of data scraped out of thousands of Telegram channels. It contained 1.7k files with 2B lines and 361M unique email addresses of which 151M had never been seen in HIBP before. Alongside those addresses were passwords and, in many cases, the website the data pertains to. I've loaded it into Have I Been Pwned (HIBP) today because there's a huge amount of previously unseen email addresses and based on all the checks I've done, it's legitimate data. That... <a href="/telegram-combolists-and-361m-email-addresses/" class="article_link-more fa fa-long-arrow-right"></a> </p> </section> <footer class="post_tag"> <a class="tag" href="/tag/have-i-been-pwned-3f/">Have I Been Pwned</a> </footer> </article> </div> <div class="article container"> <article class="article_content wrap" itemscope itemtype="http://schema.org/BlogPosting" role="article"> <header class="post_head post"> <h2 class="post_title"><a href="/operation-endgame/">Operation Endgame</a></h2> <time datetime="30 May 2024">30 May 2024</time> </header> <section class="article_text post"> <p itemprop="description">Today we loaded 16.5M email addresses and 13.5M unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they've coined Operation Endgame. That link provides an excellent overview so start there then come back to this blog post which adds some insight into the data and explains how HIBP fits into the picture. Since 2013 when I kicked off HIBP as a pet project, it has become an increasingly important part of the security posture... <a href="/operation-endgame/" class="article_link-more fa fa-long-arrow-right"></a> </p> </section> <footer class="post_tag"> <a class="tag" href="/tag/have-i-been-pwned-3f/">Have I Been Pwned</a> </footer> </article> </div> <div class="article container"> <article class="article_content wrap" itemscope itemtype="http://schema.org/BlogPosting" role="article"> <header class="post_head post"> <h2 class="post_title"><a href="/have-i-been-pwned-employee-1-0-stefan-jokull-sigurdarson/">Have I Been Pwned Employee 1.0: Stefán Jökull Sigurðarson</a></h2> <time datetime="21 May 2024">21 May 2024</time> </header> <section class="article_text post"> <p itemprop="description">We often do that in this industry, the whole "1.0" thing, but it seems apt here. I started Have I Been Pwned (HIBP) in 2013 as a pet project that scratched an itch, so I never really thought of myself as an "employee". Over time, it grew (and I tell you what, nobody is more surprised by that than me!) and over the last few years, my wife Charlotte got more and more involved. Technically, we're both employees and we work on HIBP things but we're like, well, beta versions. Today, I'm very happy t... <a href="/have-i-been-pwned-employee-1-0-stefan-jokull-sigurdarson/" class="article_link-more fa fa-long-arrow-right"></a> </p> </section> <footer class="post_tag"> <a class="tag" href="/tag/have-i-been-pwned-3f/">Have I Been Pwned</a> </footer> </article> </div> <div class="article container"> <article class="article_content wrap" itemscope itemtype="http://schema.org/BlogPosting" role="article"> <header class="post_head post"> <h2 class="post_title"><a href="/inside-the-massive-alleged-att-data-breach/">Inside the Massive Alleged AT&T Data Breach</a></h2> <time datetime="19 March 2024">19 March 2024</time> </header> <section class="article_text post"> <p itemprop="description">I hate having to use that word - "alleged" - because it's so inconclusive and I know it will leave people with many unanswered questions. (Edit: 12 days after publishing this blog post, it looks like the "alleged" caveat can be dropped, see the addition at the end of the post for more.) But sometimes, "alleged" is just where we need to begin and over the course of time, proper attribution is made and the dots are joined. We're here at "alleged" for two very simple reasons: one is that AT&T is sa... <a href="/inside-the-massive-alleged-att-data-breach/" class="article_link-more fa fa-long-arrow-right"></a> </p> </section> <footer class="post_tag"> <a class="tag" href="/tag/have-i-been-pwned-3f/">Have I Been Pwned</a> <a class="tag" href="/tag/security/">Security</a> </footer> </article> </div> <div class="article container"> <article class="article_content wrap" itemscope itemtype="http://schema.org/BlogPosting" role="article"> <header class="post_head post"> <h2 class="post_title"><a href="/the-data-breach-personal-stash-ecosystem/">The Data Breach "Personal Stash" Ecosystem</a></h2> <time datetime="29 January 2024">29 January 2024</time> </header> <section class="article_text post"> <p itemprop="description">I've always thought of it a bit like baseball cards; a kid has a card of this one player that another kid is keen on, and that kid has a card the first one wants so they make a trade. They both have a bunch of cards they've collected over time and by virtue of existing in the same social circles, trades are frequent, and cards flow back and forth on a regular basis. That's the analogy I often use to describe the data breach "personal stash" ecosystem, but with one key difference: if you trade a... <a href="/the-data-breach-personal-stash-ecosystem/" class="article_link-more fa fa-long-arrow-right"></a> </p> </section> <footer class="post_tag"> <a class="tag" href="/tag/have-i-been-pwned-3f/">Have I Been Pwned</a> </footer> </article> </div> <div class="article container"> <article class="article_content wrap" itemscope itemtype="http://schema.org/BlogPosting" role="article"> <header class="post_head post"> <h2 class="post_title"><a href="/inside-the-massive-naz-api-credential-stuffing-list/">Inside the Massive Naz.API Credential Stuffing List</a></h2> <time datetime="18 January 2024">18 January 2024</time> </header> <section class="article_text post"> <p itemprop="description">It feels like not a week goes by without someone sending me yet another credential stuffing list. It's usually something to the effect of "hey, have you seen the Spotify breach", to which I politely reply with a link to my old No, Spotify Wasn't Hacked blog post (it's just the output of a small set of credentials successfully tested against their service), and we all move on. Occasionally though, the corpus of data is of much greater significance, most notably the Collection #1 incident of early... <a href="/inside-the-massive-naz-api-credential-stuffing-list/" class="article_link-more fa fa-long-arrow-right"></a> </p> </section> <footer class="post_tag"> <a class="tag" href="/tag/have-i-been-pwned-3f/">Have I Been Pwned</a> </footer> </article> </div> </div> <div class="content-sidebar"> <div class="widget sidebar-featured"> <h4 class="sidebar-featured-header">Troy Hunt</h4> <p>Hi, I'm Troy Hunt, I write this blog, run "Have I Been Pwned" and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals <a href="/about" class="article_link-more fa fa-long-arrow-right"></a></p> </div> <div class="widget sidebar-featured"> <h4 class="sidebar-featured-header">Upcoming Events</h4> <p>I often run <a href="/workshops">private workshops</a> around these, here's upcoming events I'll be at:</p> <div id="events_list"><i class="fa fa-circle-o-notch fa-spin fa-3x fa-fw"></i></div> </div> <div class="widget sidebar-featured"> <h4 class="sidebar-featured-header">Must Read</h4> <ul> <li><a href="/data-breach-disclosure-101-how-to-succeed-after-youve-failed/">Data breach disclosure 101: How to succeed after you've failed</a></li> <li><a href="/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/">Data from connected CloudPets teddy bears leaked and ransomed, exposing kids' voice messages</a></li> <li><a href="/heres-how-i-verify-data-breaches/">Here's how I verify data breaches</a></li> <li><a href="/when-nation-is-hacked-understanding/">When a nation is hacked: Understanding the ginormous Philippines data breach</a></li> <li><a href="/how-i-optimised-my-life-to-make-my-job/">How I optimised my life to make my job redundant</a></li> </ul> </div> <div class="widget sidebar-featured"> <a href="https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2F" class="pluralsight-logo"> <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 344.3 74.3" xml:space="preserve"><g><g><g><linearGradient id="SVGID_1_" gradientUnits="userSpaceOnUse" x1="37.3433" y1="2.431" x2="37.3433" y2="73.614"><stop offset="0" style="stop-color:#F05A28" /><stop offset="1" style="stop-color:#EB008B" /></linearGradient><circle fill="url(#SVGID_1_)" cx="37.3" cy="37.3" r="36" /></g><g><path fill="#FFFFFF" d="M31.2,24l23.1,13.3L31.2,50.6L31.2,24 M28.1,18.6l0,37.4l32.4-18.7L28.1,18.6L28.1,18.6z" /><path fill="#FFFFFF" d="M23.7,28l16,9.3l-16,9.3V28 M20.6,22.7v29.2L46,37.3L20.6,22.7L20.6,22.7z" /></g></g><g><g><path fill="#231F20" d="M100.3,37.7c2.6,0,4.2-1.4,4.2-3.5v-0.1c0-2.3-1.6-3.5-4.2-3.5h-4v7H100.3z M92.9,27.5h7.7c4.5,0,7.4,2.6,7.4,6.5v0.1c0,4.4-3.5,6.7-7.8,6.7h-3.9V47h-3.4V27.5z" /></g><polygon fill="#231F20" points="116.5,27.5 119.9,27.5 119.9,43.9 130.2,43.9 130.2,47 116.5,47 " /><g><path fill="#231F20" d="M137.9,38.8V27.5h3.4v11.1c0,3.6,1.9,5.6,4.9,5.6c3,0,4.9-1.8,4.9-5.4V27.5h3.4v11.1c0,5.8-3.3,8.8-8.4,8.8C141.1,47.4,137.9,44.4,137.9,38.8" /><path fill="#231F20" d="M172.7,37.2c2.5,0,4-1.3,4-3.3v-0.1c0-2.1-1.5-3.2-4-3.2h-5v6.6H172.7z M164.3,27.5h8.7c2.5,0,4.4,0.7,5.6,2c1,1.1,1.6,2.5,1.6,4.2v0.1c0,3.2-1.9,5.1-4.7,5.9l5.3,7.4h-4l-4.8-6.8h-4.3V47h-3.4V27.5z" /></g><path fill="#231F20" d="M201.2,39.3l-3.4-7.8l-3.3,7.8H201.2z M196.3,27.4h3.2l8.6,19.6h-3.6l-2-4.7h-9.2l-2,4.7h-3.5L196.3,27.4z" /><polygon fill="#231F20" points="216.4,27.5 219.9,27.5 219.9,43.9 230.1,43.9 230.1,47 216.4,47 " /><g><path fill="#231F20" d="M237.4,44.2l2.1-2.5c1.9,1.6,3.7,2.5,6.2,2.5c2.1,0,3.5-1,3.5-2.5v-0.1c0-1.4-0.8-2.1-4.4-3c-4.2-1-6.5-2.2-6.5-5.8v-0.1c0-3.3,2.8-5.7,6.7-5.7c2.8,0,5.1,0.9,7.1,2.5l-1.8,2.6c-1.8-1.3-3.5-2-5.3-2c-2,0-3.2,1-3.2,2.3v0.1c0,1.5,0.9,2.2,4.6,3.1c4.1,1,6.3,2.5,6.3,5.7v0.1c0,3.7-2.9,5.8-7,5.8C242.5,47.3,239.7,46.3,237.4,44.2" /></g><rect x="261.7" y="27.5" fill="#231F20" width="3.4" height="19.5" /><g><path fill="#231F20" d="M274.5,37.4L274.5,37.4c0-5.5,4.2-10.1,10.1-10.1c3.4,0,5.5,0.9,7.5,2.6l-2.2,2.6c-1.5-1.3-3-2.1-5.5-2.1c-3.6,0-6.3,3.2-6.3,6.9v0.1c0,4,2.6,7,6.6,7c1.8,0,3.5-0.6,4.7-1.5v-3.7h-5v-3h8.3v8.2c-1.9,1.6-4.7,3-8.1,3C278.5,47.4,274.5,43,274.5,37.4" /></g><polygon fill="#231F20" points="302.2,27.5 305.6,27.5 305.6,35.7 315,35.7 315,27.5 318.4,27.5 318.4,47 315,47 315,38.8 305.6,38.8 305.6,47 302.2,47 " /><polygon fill="#231F20" points="327,27.5 327,30.7 333.2,30.7 333.2,47 336.6,47 336.6,30.7 342.8,30.7 342.8,27.5 " /></g></g></svg> </a> <p>Don't have Pluralsight already? <a href="https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fbilling.pluralsight.com%2Findividual%2Fcheckout">How about a 10 day free trial?</a> That'll get you access to thousands of courses amongst which are dozens of my own including:</p> <ol> <li><a href="https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fcourses%2Fowasp-top10-aspdotnet-application-security-risks">OWASP Top 10 Web Application Security Risks for ASP.NET</a></li> <li><a href="https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fcourses%2Fhttps-every-developer-must-know">What Every Developer Must Know About HTTPS</a></li> <li><a href="https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fcourses%2Fhack-yourself-first">Hack Yourself First: How to go on the Cyber-Offense</a></li> <li><a href="https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fcourses%2Finformation-security-big-picture">The Information Security Big Picture</a></li> <li><a href="https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fcourses%2Fethical-hacking-social-engineering">Ethical Hacking: Social Engineering</a></li> <li><a href="https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fcourses%2Fmodernizing-websites-microsoft-azure">Modernizing Your Websites with Azure Platform as a Service</a></li> <li><a href="https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fcourses%2Fbrowser-security-headers">Introduction to Browser Security Headers</a></li> <li><a href="https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fcourses%2Fethical-hacking-sql-injection">Ethical Hacking: SQL Injection</a></li> <li><a href="https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fcourses%2Fweb-security-owasp-top10-big-picture">Web Security and the OWASP Top 10: The Big Picture</a></li> <li><a href="https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fcourses%2Fethical-hacking-web-applications">Ethical Hacking: Hacking Web Applications</a></li> </ol> </div> </div> </div> <nav class="pagination container" role="navigation"> <div class="pagination_content wrap"> <a class="pagination_prev fa fa-long-arrow-right" href="/tag/have-i-been-pwned-3f/page/2/"></a> <a class="pagination_prev" href="/tag/have-i-been-pwned-3f/page/2/">Older posts</a> <ul class="pagination_pages"> <li><span>Page 1 of 20</span></li> </ul> </div> </nav> </div> <footer id="footer"> <div class="footer_block" id="floating_subscribe"> <div class="footer"> <a href="#subscribe" id="subscribe_link">Subscribe <i class="fa fa-envelope-o" aria-hidden="true"></i></a> <div class="subscribe_close"> <a href="#" id="close_floating_subscribe"><i class="fa fa-times" aria-hidden="true"></i></a> </div> </div> </div> <div class="footer_subscription_block container"> <div class="footer_subscription wrap"> <div class="footer_subscription_formGroup"> <a id="subscribe"></a> <h4>Subscribe Now!</h4> <form name="subscribe_form" id="subscribe_form"> <div id="new_subscription"> <div id="subscribe_unsuccessful"></div> <p> Send new blog posts:<br /> <div class="radio_button_group"><input type="radio" name="email_cadence" id="Daily" value="Daily" checked> <label for="Daily">daily</label></div> <div class="radio_button_group"><input type="radio" name="email_cadence" id="Weekly" value="Weekly"> <label for="Weekly">weekly</label></div> </p> <input type="email" value="" name="email_to_subscribe" id="email_to_subscribe" placeholder="email address" required> <input type="submit" value="go!" id="submit_subscribe" /> </div> <div id="confirm_captcha"><p>Hey, just quickly confirm you're not a robot:</p></div> <div id="subscribe_loading"><p><i class="fa fa-cog fa-spin" aria-hidden="true"></i> Submitting...</p></div> <div id="subscribe_successful"><p>Got it! Check your email, click the confirmation link I just sent you and we're done.</p></div> </form> </div> </div> </div> <div class="footer_informations_block container"> <div class="footer_informations wrap"> <div class="footer_information-1 col-3"> <h6>Copyright 2024, Troy Hunt</h6> <p>This work is licensed under a <a rel="license" href="https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>. In other words, share generously but provide attribution.</p> </div> <div class="footer_information-2 col-3"> <h6>Disclaimer</h6> <p>Opinions expressed here are my own and may not reflect those of others. Unless I'm quoting someone, they're just my own views.</p> </div> <div class="footer_information-3 col-3"> <h6>Published with Ghost</h6> <p>This site runs entirely on <a href="https://ghost.org/">Ghost</a> and is made possible thanks to their kind support. Read more about <a href="https://www.troyhunt.com/its-a-new-blog/">why I chose to use Ghost</a>.</p> </div> </div> </div> <div class="footer_info_block container"> <div class="footer_info wrap"> <div class="footer_socialIcons"> <ul> <li class="socialIcons_link"> <a class="fa-brands fa-x-twitter" href="https://twitter.com/troyhunt"></a> </li> <li class="socialIcons_link"> <a class="fa-brands fa-facebook-f" href="https://www.facebook.com/troyahunt"></a> </li> <li class="socialIcons_link"> <a class="fa-brands fa-linkedin-in" href="https://www.linkedin.com/in/troyhunt"></a> </li> <li class="socialIcons_link"> <a class="fa-brands fa-youtube" href="https://www.youtube.com/user/troyhuntdotcom"></a> </li> <li class="socialIcons_link"> <a class="fa fa-rss" href="https://feeds.feedburner.com/TroyHunt"></a> </li> </ul> </div> </div> </div> </footer> <script type="text/javascript"> !function(s){"use strict";function e(s){return new RegExp("(^|\\s+)"+s+"(\\s+|$)")}function n(s,e){var n=a(s,e)?c:t;n(s,e)}var a,t,c;"classList"in document.documentElement?(a=function(s,e){return s.classList.contains(e)},t=function(s,e){s.classList.add(e)},c=function(s,e){s.classList.remove(e)}):(a=function(s,n){return e(n).test(s.className)},t=function(s,e){a(s,e)||(s.className=s.className+" "+e)},c=function(s,n){s.className=s.className.replace(e(n)," ")});var i={hasClass:a,addClass:t,removeClass:c,toggleClass:n,has:a,add:t,remove:c,toggle:n};"function"==typeof define&&define.amd?define(i):s.classie=i}(window); !function(){function e(){n()}function n(){i.addEventListener("click",t),d&&d.addEventListener("click",t),c.addEventListener("click",function(e){var n=e.target;a&&n!==i&&t()})}function t(){a?classie.remove(o,"show-menu"):classie.add(o,"show-menu"),a=!a}var o=document.body,c=document.querySelector("#container"),i=document.getElementById("open-button"),d=document.getElementById("close-button"),a=!1;e();for(var r=function(e){e.preventDefault(),window.open(this.href,"social-share","width=580,height=296")},s=document.getElementsByClassName("article-open_window"),u=0;u<s.length;u++)s[u].addEventListener("click",r,!1)}(); function showUnsponsored(){document.getElementById("sponsor_message").innerHTML='<a href="/sponsorship"><strong>Sponsored by:</strong> I\'m unsponsored today, click to learn more</a>'}function showNoEvents(){document.getElementById("events_list").innerHTML="<p>No upcoming events were found</p>"}function showSponsor(e){null===e?showUnsponsored():document.getElementById("sponsor_message").innerHTML='<a href="'+e.campaignUrl+'" target="_blank" rel="noopener"><strong>Sponsored by:</strong> '+e.message+' <i class="fa fa-external-link" aria-hidden="true"></i></a>'}function showEvents(e){if(0===e.length)showNoEvents();else{var n="<ol>";e.forEach(function(e){n+=null!==e.url?'<li><a href="'+e.url+'">'+e.name+": "+e.date+", "+e.location+"</a></li>":"<li>"+e.name+": "+e.date+", "+e.location+"</li>"}),n+="</ol>",document.getElementById("events_list").innerHTML=n}}var xmlhttp=new XMLHttpRequest,url="https://bloghelpers.troyhunt.com/api/BlogData";xmlhttp.onreadystatechange=function(){if(4===this.readyState&&200===this.status){var e=JSON.parse(this.responseText);null===e||void 0===e?(showUnsponsored(),showNoEvents()):(showSponsor(e.currentSponsor),showEvents(e.events))}else 4===this.readyState&&200!==this.status&&(showUnsponsored(),showNoEvents())},xmlhttp.open("GET",url,!0),xmlhttp.send(); var disqus_config=function(){this.page.url=document.getElementById("disqus_post_url").getAttribute("data"),this.page.identifier=document.getElementById("disqus_post_identifier").getAttribute("data")};!function(){if(null!=document.getElementById("disqus_post_identifier")&&null!=document.getElementById("disqus_post_url")){var t=document,e=t.createElement("script");e.src="//troyhunt.disqus.com/embed.js",e.setAttribute("data-timestamp",+new Date),(t.head||t.body).appendChild(e)}}(); function reCaptchaSolved(){document.getElementById("subscribe_loading").style.display="block",document.getElementById("confirm_captcha").style.display="none";for(var e,t=encodeURIComponent(document.getElementById("email_to_subscribe").value),n=encodeURIComponent(window.location),c=document.getElementsByName("email_cadence"),s=0,l=c.length;s<l;s++)if(c[s].checked){e=c[s].value;break}var a=document.getElementById("g-recaptcha-response").value,i="Email="+t+"&EmailCadence="+e+"&SourceUrl="+n+"&g-recaptcha-response="+a,o=new XMLHttpRequest;o.open("POST","https://bloghelpers.troyhunt.com/api/subscribe",!0),o.setRequestHeader("Content-type","application/x-www-form-urlencoded"),o.onload=function(){if(document.getElementById("subscribe_loading").style.display="none",200===this.status)document.getElementById("subscribe_successful").style.display="block";else{var e=JSON.parse(this.responseText),t="FakeOrInvalid"===e?"Uh oh, apparently that's a fake or invalid email, sorry!":"Uh oh, that didn't work.Try submitting it again.";document.getElementById("subscribe_unsuccessful").innerHTML="<p>"+t+"</p >",document.getElementById("subscribe_unsuccessful").style.display="block",document.getElementById("new_subscription").style.display="block"}},o.send(i)}function closeFloatingSubscribe(){floating_subscribe.style.display="none",document.cookie="closeFloatingSubscribe=true; expires=1 Jan 2030 00:00:00 UTC; path=/"}document.getElementById("subscribe_form").addEventListener("submit",function(e){if(e.preventDefault(),document.getElementById("new_subscription").style.display="none",window.___grecaptcha_cfg)grecaptcha.reset();else{var t=document.createElement("script");t.setAttribute("src","https://www.google.com/recaptcha/api.js"),document.head.appendChild(t);var n=document.createElement("div");n.setAttribute("class","g-recaptcha"),n.setAttribute("data-sitekey","6LdqYhoUAAAAADieTdwsCSDl0-zIpp6Ga-JzatIZ"),n.setAttribute("data-callback","reCaptchaSolved"),document.getElementById("confirm_captcha").appendChild(n)}document.getElementById("confirm_captcha").style.display="inline-block"});var floating_subscribe=document.getElementById("floating_subscribe");document.cookie.indexOf("closeFloatingSubscribe")===-1&&(floating_subscribe.style.display="block");var closeElement=document.getElementById("close_floating_subscribe");closeElement.addEventListener("click",function(e){closeFloatingSubscribe(),e.preventDefault()},!1);var subscribeElement=document.getElementById("subscribe_link");subscribeElement.addEventListener("click",function(){closeFloatingSubscribe()},!1); </script> </body> </html>

CINXE.COM

Troy Hunt: Have I Been Pwned - Troy Hunt