Troy Hunt
@troyhunt.com
Creator of Have I Been Pwned. Microsoft Regional Director. Pluralsight author. Online security, technology and “The Cloud”. Australian.
Big thanks to Malwarebytes for sponsoring my blog this week! Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing www.malwarebytes.com/browserguard...
Browser Guard: 100% free ad blocker browser extension
Malwarebytes Browser Guard for Chrome, Firefox, Safari and Edge helps protect your online privacy from ad trackers and more.
www.malwarebytes.com
November 15, 2025 at 1:58 AM
Big thanks to Malwarebytes for sponsoring my blog this week! Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing www.malwarebytes.com/browserguard...
Going live with my weekly vid in half an hour! Home Sweet Home; Lessons From Processing Those 2B Email Addresses; I Spoke at Europol in The Hague; Operation Endgame 3.0 youtube.com/live/B46JhYw...
Weekly Update 478
Home Sweet Home; Lessons From Processing Those 2B Email Addresses; I Spoke at Europol in The Hague; Operation Endgame 3.0; Sponsored by Malwarebytes
youtube.com
November 14, 2025 at 10:30 PM
Going live with my weekly vid in half an hour! Home Sweet Home; Lessons From Processing Those 2B Email Addresses; I Spoke at Europol in The Hague; Operation Endgame 3.0 youtube.com/live/B46JhYw...
Weekly update is up: I’m in Belgium! Here’s everything that went wrong with loading 2 billion breached email addresses… www.troyhunt.com/weekly-updat...
Weekly Update 477
What. A. Week. It wasn't just the preceding weeks of technical pain as we tried to work out how to get this data loaded, it was all the subsequent queries we had to deal with too. Some of them are…
www.troyhunt.com
November 12, 2025 at 11:31 PM
Weekly update is up: I’m in Belgium! Here’s everything that went wrong with loading 2 billion breached email addresses… www.troyhunt.com/weekly-updat...
Going live with my weekly vid in 10 mins: I’m in Belgium! Here’s reaching that went wrong with loading 2 billion breached email addresses…
Weekly Update 477
I’m in Belgium! Here’s reaching that went wrong with loading 2 billion breached email addresses…
www.youtube.com
November 9, 2025 at 7:50 AM
Going live with my weekly vid in 10 mins: I’m in Belgium! Here’s reaching that went wrong with loading 2 billion breached email addresses…
Reposted by Troy Hunt
New sensitive breach: Hungarian political party TISZA suffered a breach of its TISZA Világ platform last month, exposing 200k records, later published online. Data included email, name, phone & physical address. 41% were already in @haveibeenpwned.com. More: haveibeenpwned.com/Breach/Tisza
Have I Been Pwned: TISZA Világ Data Breach
In November 2025, data breached from the Hungarian political party TISZA was extensively redistributed online. Stemming from a compromise of the TISZA Világ service the previous month, the breach expo...
haveibeenpwned.com
November 8, 2025 at 10:11 AM
New sensitive breach: Hungarian political party TISZA suffered a breach of its TISZA Világ platform last month, exposing 200k records, later published online. Data included email, name, phone & physical address. 41% were already in @haveibeenpwned.com. More: haveibeenpwned.com/Breach/Tisza
Reposted by Troy Hunt
New credential stuffing data: Synthient aggregated billions of threat data records from social media, forums, Tor and Telegram. Data included 2B unique email addresses and 1.3B unique passwords. 76% of emails were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/Breach/Synth...
Have I Been Pwned: Synthient Credential Stuffing Threat Data Data Breach
During 2025, the threat-intelligence firm Synthient aggregated 2 billion unique email addresses disclosed in credential-stuffing lists found across multiple malicious internet sources. Comprised of em...
haveibeenpwned.com
November 6, 2025 at 5:15 AM
New credential stuffing data: Synthient aggregated billions of threat data records from social media, forums, Tor and Telegram. Data included 2B unique email addresses and 1.3B unique passwords. 76% of emails were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/Breach/Synth...
This has been an extraordinary set of data to process: 1.3B unique passwords, 2B unique email addresses (including mine 😭) and almost 3M of our @haveibeenpwned.com subscribers in there. It’s been weeks of processing to get this loaded, and finally, it’s done www.troyhunt.com/2-billion-em...
2 Billion Email Addresses Were Exposed, and We Indexed Them All in Have I Been Pwned
I hate hyperbolic news headlines about data breaches, but for the "2 Billion Email Addresses" headline to be hyperbolic, it'd need to be exaggerated or overstated - and it isn't. It's rounded up from ...
www.troyhunt.com
November 6, 2025 at 5:09 AM
This has been an extraordinary set of data to process: 1.3B unique passwords, 2B unique email addresses (including mine 😭) and almost 3M of our @haveibeenpwned.com subscribers in there. It’s been weeks of processing to get this loaded, and finally, it’s done www.troyhunt.com/2-billion-em...
Weekly update is up! I’m in Norway; Loading 1,957,476,021 Breached Email Addresses is Hard; Qantas Data Continues to Spread; PC Build Thread www.troyhunt.com/weekly-updat...
Weekly Update 476
The 2 billion email address stealer log breach I talk about this week is almost ready to go at the time of writing. It's been massively time-consuming, massively expensive (we turned the cloud up to…
www.troyhunt.com
November 3, 2025 at 11:03 PM
Weekly update is up! I’m in Norway; Loading 1,957,476,021 Breached Email Addresses is Hard; Qantas Data Continues to Spread; PC Build Thread www.troyhunt.com/weekly-updat...
Going live with my weekly vid in 15 minutes! I’m in Norway; Loading 1,957,476,021 Breached Email Addresses is Hard; Qantas Data Continues to Spread; PC Build Thread youtube.com/live/etA4EWZ...
Troy Hunt is live
I’m in Norway; Loading 1,957,476,021 Breached Email Addresses is Hard; Qantas Data Continues to Spread; PC Build Thread
youtube.com
October 31, 2025 at 3:15 PM
Going live with my weekly vid in 15 minutes! I’m in Norway; Loading 1,957,476,021 Breached Email Addresses is Hard; Qantas Data Continues to Spread; PC Build Thread youtube.com/live/etA4EWZ...
Reposted by Troy Hunt
Cybersecurity experts are warning that injunctions – an increasingly popular legal tactic flaunted as protecting data breach victims – are putting people at greater risk of cybercrime.
More from @troyhunt.com, Cythera's Euan Prentice, Dvuln's Jamieson O'Reilly and Cyber Cognition's Michael Collins.
More from @troyhunt.com, Cythera's Euan Prentice, Dvuln's Jamieson O'Reilly and Cyber Cognition's Michael Collins.
Cyber injunctions put victims at risk, experts warn
Qantas stands by controversial legal tactic.
ia.acs.org.au
October 27, 2025 at 3:54 AM
Cybersecurity experts are warning that injunctions – an increasingly popular legal tactic flaunted as protecting data breach victims – are putting people at greater risk of cybercrime.
More from @troyhunt.com, Cythera's Euan Prentice, Dvuln's Jamieson O'Reilly and Cyber Cognition's Michael Collins.
More from @troyhunt.com, Cythera's Euan Prentice, Dvuln's Jamieson O'Reilly and Cyber Cognition's Michael Collins.
Uh, who’s gonna tell them? “We felt the injunction was an important course of action to further protect our customers and so far, it has been effective in preventing the stolen data being accessed, released or published by third parties”
Cybersecurity experts are warning that injunctions – an increasingly popular legal tactic flaunted as protecting data breach victims – are putting people at greater risk of cybercrime.
More from @troyhunt.com, Cythera's Euan Prentice, Dvuln's Jamieson O'Reilly and Cyber Cognition's Michael Collins.
More from @troyhunt.com, Cythera's Euan Prentice, Dvuln's Jamieson O'Reilly and Cyber Cognition's Michael Collins.
Cyber injunctions put victims at risk, experts warn
Qantas stands by controversial legal tactic.
ia.acs.org.au
October 27, 2025 at 10:11 AM
Uh, who’s gonna tell them? “We felt the injunction was an important course of action to further protect our customers and so far, it has been effective in preventing the stolen data being accessed, released or published by third parties”
A strange Chromium bug triggered by a CSP directive that caused a crash went unsolved for months, and we had the data right in front of us in Report URI to explain why it was happening 😮 www.troyhunt.com/how-we-almos...
How We (Almost) Found Chromium's Bug via Crash Reports to Report URI
Tracking down bugs in software is a pain that all of us who write code must bear. When we're talking about outright errors in a web page, you typically have something to get you started (such as…
www.troyhunt.com
October 27, 2025 at 9:11 AM
A strange Chromium bug triggered by a CSP directive that caused a crash went unsolved for months, and we had the data right in front of us in Report URI to explain why it was happening 😮 www.troyhunt.com/how-we-almos...
Reposted by Troy Hunt
New breach: Last week, MyVidster had almost 4M user records posted to a public hacking forum. Data included email address, username and in some cases, profile photo. 38% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/breach/MyVid...
Have I Been Pwned: MyVidster (2025) Data Breach
In October 2025, the data of almost 4M MyVidster users was posted to a public hacking forum. Separate to the 2015 breach, this incident exposed usernames, email addresses and in a small number of case...
haveibeenpwned.com
October 27, 2025 at 2:45 AM
New breach: Last week, MyVidster had almost 4M user records posted to a public hacking forum. Data included email address, username and in some cases, profile photo. 38% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/breach/MyVid...
Weekly update is up! Impending Travel; PC Build Spec Thread; The Synthient Threat Data; Pwned Passwords Passes 17 Billion Monthly Requests www.troyhunt.com/weekly-updat...
Weekly Update 475
It was the Synthient threat data that ate most of my time this week, and it continues to do so now, the weekend after recording this video. Data like this is equal parts enormously damaging to…
www.troyhunt.com
October 26, 2025 at 1:22 AM
Weekly update is up! Impending Travel; PC Build Spec Thread; The Synthient Threat Data; Pwned Passwords Passes 17 Billion Monthly Requests www.troyhunt.com/weekly-updat...
How much do people actually care about Trustpilot reviews? I have a sense that people only leave a review if they either love or hate a service, and all the "hate" ones we have seem to be by people who don't understand how the service works. Thoughts? au.trustpilot.com/review/havei...
Have I Been Pwned is rated "Average" with 3 / 5 on Trustpilot
Do you agree with Have I Been Pwned's TrustScore? Voice your opinion today and hear what 38 customers have already said.
au.trustpilot.com
October 23, 2025 at 11:15 PM
How much do people actually care about Trustpilot reviews? I have a sense that people only leave a review if they either love or hate a service, and all the "hate" ones we have seem to be by people who don't understand how the service works. Thoughts? au.trustpilot.com/review/havei...
Going live with my weekly vid in 15 minutes! Impending Travel; PC Build Spec Thread; The Synthient Threat Data; Pwned Passwords Passes 17 Billion Monthly Requests: youtube.com/live/CB6xb6V...
Weekly Update 475
Impending Travel; PC Build Spec Thread; The Synthient Threat Data; Pwned Passwords Passes 17 Billion Monthly Requests; Sponsroed by Report URI
youtube.com
October 23, 2025 at 9:15 PM
Going live with my weekly vid in 15 minutes! Impending Travel; PC Build Spec Thread; The Synthient Threat Data; Pwned Passwords Passes 17 Billion Monthly Requests: youtube.com/live/CB6xb6V...
Reposted by Troy Hunt
New stealer logs: Synthient aggregated billions of threat data records from social media, forums, Tor and Telegram. The stealer log data alone included 183M unique email addresses. 91% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/Breach/Synth...
Have I Been Pwned: Synthient Stealer Log Threat Data Data Breach
During 2025, Synthient aggregated billions of records of "threat data" from various internet sources. The data contained 183M unique email addresses alongside the websites they were entered into and t...
haveibeenpwned.com
October 21, 2025 at 7:31 PM
New stealer logs: Synthient aggregated billions of threat data records from social media, forums, Tor and Telegram. The stealer log data alone included 183M unique email addresses. 91% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/Breach/Synth...
With support from Synthient, we've just pushed out a corpus of 183M stealer log victims to @haveibeenpwned.com. We'd never seen 16.4M of those before, either, so there's a lot of new stuff in there, and that's just the first part. More here: www.troyhunt.com/inside-the-s...
Inside the Synthient Threat Data
Where is your data on the internet? I mean, outside the places you've consciously provided it, where has it now flowed to and is being used and abused in ways you've never expected? The truth is that ...
www.troyhunt.com
October 21, 2025 at 7:25 PM
With support from Synthient, we've just pushed out a corpus of 183M stealer log victims to @haveibeenpwned.com. We'd never seen 16.4M of those before, either, so there's a lot of new stuff in there, and that's just the first part. More here: www.troyhunt.com/inside-the-s...
Weekly update is up! It's New PC Build Time; The Qantas Breach (and Injunction); The Vietnam Air, Hello Cake and Prosper Breaches www.troyhunt.com/weekly-updat...
Weekly Update 474
You're not going to believe this - the criminals that took the Qantas data ignored the injunction 😮 I know, I know, we're all a bit stunned that making crime illegal hasn't appeared to stop it, but…
www.troyhunt.com
October 20, 2025 at 9:22 AM
Weekly update is up! It's New PC Build Time; The Qantas Breach (and Injunction); The Vietnam Air, Hello Cake and Prosper Breaches www.troyhunt.com/weekly-updat...
Know a bit about building a fast PC and have a moment to run your eye over something? I need to build (or have built) a new machine that's **fast**! Help get me headed in the right direction: gist.github.com/troyhunt/a6e...
Help me spec out a replacement PC that absolutely *flies*
Help me spec out a replacement PC that absolutely *flies* - Build-Troys-PC.md
gist.github.com
October 20, 2025 at 7:45 AM
Know a bit about building a fast PC and have a moment to run your eye over something? I need to build (or have built) a new machine that's **fast**! Help get me headed in the right direction: gist.github.com/troyhunt/a6e...
Going live with my weekly vid in 30 mins! It's New PC Build Time; The Qantas Breach (and Injunction); The Vietnam Air, Hello Cake and Prosper Breaches youtube.com/live/AeSNiYP...
Weekly Update 474
It's New PC Build Time; The Qantas Breach (and Injunction); The Vietnam Air, Hello Cake and Prosper Breaches
youtube.com
October 16, 2025 at 8:30 PM
Going live with my weekly vid in 30 mins! It's New PC Build Time; The Qantas Breach (and Injunction); The Vietnam Air, Hello Cake and Prosper Breaches youtube.com/live/AeSNiYP...
Big thanks to @1password.bsky.social for sponsoring my blog this week! 1Password Extended Access Management: Secure every sign-in for every app on every device. 1password.com/troyhunt
SaaS Governance: Discover, govern, and optimize SaaS spending with Trelica by 1Password | 1Password
Modern SaaS governance is complex. Trelica by 1Password solves these challenges by providing deep visibility, automation & actionable insights to reduce risk.
1password.com
October 16, 2025 at 7:25 PM
Big thanks to @1password.bsky.social for sponsoring my blog this week! 1Password Extended Access Management: Secure every sign-in for every app on every device. 1password.com/troyhunt
Reposted by Troy Hunt
New breach: Prosper had 17.6M unique email addresses breached in an incident they detected and disclosed last month. Data included other customer info including SSN. Customer accounts and funds were not impacted. 84% were already in @haveibeenpwned.com. More: haveibeenpwned.com/Breach/Prosper
Have I Been Pwned: Prosper Data Breach
In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure of customer and applicant information. The data breach impacted 17.6M uni...
haveibeenpwned.com
October 16, 2025 at 12:49 AM
New breach: Prosper had 17.6M unique email addresses breached in an incident they detected and disclosed last month. Data included other customer info including SSN. Customer accounts and funds were not impacted. 84% were already in @haveibeenpwned.com. More: haveibeenpwned.com/Breach/Prosper
Reposted by Troy Hunt
New sensitive breach: Sexual healthcare product maker Hello Cake had 23k unique email addresses breached in July. Data also included name, phone number, physical address, DoB and purchases. 83% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/Breach/Hello...
Have I Been Pwned: Hello Cake Data Breach
In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names...
haveibeenpwned.com
October 15, 2025 at 3:20 AM
New sensitive breach: Sexual healthcare product maker Hello Cake had 23k unique email addresses breached in July. Data also included name, phone number, physical address, DoB and purchases. 83% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/Breach/Hello...
Reposted by Troy Hunt
Hey I know that guy!
(And what a snazzy logo)
(And what a snazzy logo)
October 12, 2025 at 8:24 AM
Hey I know that guy!
(And what a snazzy logo)
(And what a snazzy logo)