Breach Week Highlights: 7-Eleven, Ameriprise, Mytheresa
Weekly update is up! Breach Week: 7-Eleven; Ameriprise; Mytheresa; Kemper; Charter; The Data Breach Disclosure Lag; Welcoming the Bhutanese Government https://www.troyhunt.com/weekly-update-506/
Company Knew of Carnival Leak, Gave No Notice
35 days ago, the Carnival data was published by ShinyHunters. Clearly, the company knew about it at the time (that’s how extortion works, plus the comment in the linked article) but at the time, I couldn’t find any disclosure notice,...
Data Breaches Spawn Hidden Crimes, Even without Public Leaks
Data breaches have a long tail of secondary crimes… even when no data is released publicly
HIBP Adds Costa Rica as 42nd Government Partner
HIBP’s free gov program keeps growing, helping governments get ahead of data breaches before attackers do. Today, we welcome our 42nd government: Costa Rica, protecting departments, public resources and the people behind them. https://t.co/GD14TAF6sU
Incident Escalates: Massive Breach Looms Before Data Leak
This is just going from bad to worse. The scale of this incident is massive, and that’s *before* any data has leaked.
This Week's Breach Landscape: Vishing, Social Engineering, Data Dumps
Weekly update is up! The Current State of Breaches: Vishing, Social Engineering, ShinyHunters, Salesforce, Extortion and Massive Troves of Data: https://t.co/39w6jR8MRH
Predictable Outcome Based on Their Track Record and Disclosure
Given their track record and seeing the disclosure below, this is heading for a pretty predictable outcome…
Cyber Gang Threatens Blowtorch to Seize Crypto Wallet
It’s all fun and games until the blowtorch comes out 😮 “a rival cybercrime gang hired thugs to invade his home, assault his mother, and threaten to burn him with a blowtorch unless he gave up the keys to his...
Data Breaches Expose Surprisingly Odd Email Address Patterns
Fascinating the sorts of email addresses that appear in some of these data breaches 🤣 https://t.co/grfbmi39Qf

Automated 4 AM Tweet Summaries Power Daily Breach Reports
Been doing something very similar to this for my daily breach reports: each day at 4am it pulls all the tweets from this list and summarises them into a report: https://t.co/pT8dTLPnnY https://t.co/yuYqQs7zFq
Agentic AI Automates Zendesk Tickets, Tackles HIBP API
I've spoken a bunch recently about experiments with agentic AI to do genuinely useful stuff, such as "Bruce", who now replies to most of our Zendesk tickets. So, what happens when you let it loose on the HIBP API? Some...
Kids' Cybercrime Pathway Traced Back to Gaming
Pretty good overview of the pathway to cybercrime for kids and the genesis always coming back to gaming. Kinda feel like that Roblox statement really missed the point though (assuming they understood the context).
AI Agents Can Now Query HaveIBeenPwned Data Securely
We’re working on better exposing @haveibeenpwned data to AI agents, including via MCP (no privacy or security changes, still need a key to query the same stuff). I’m trying to craft the right narrative around how “normies” can use this:...

Clearing Session Erases Claude's Prior Conversation Memory
It was all going great with @openclaw... until today. Been doing heaps of breach research and analysis, then it's hit the wall. I'm trying to understand the way out: clearing the session will erase Claude's memory of prior discussions, right?...
AI Bot PwnedClaw Analyzes This Week's Data Breaches
Weekly update is up! Join Me in Investigating Today’s Data Breaches With the PwnedClaw, the OpenClaw Agentic AI Bot Doing My Legwork: https://t.co/KeML1pLTOL