Category: Weekly update
-
Weekly Update 506
Weekly Update 506 I’m finding it quite fascinating to watch the current spate of ShinyHunters breaches and dumps. There’s the obvious criminality of it all, but then there’s also the response from organisations (or lack thereof, as it relates to disclosure to victims), the appearance and disappearance of victims on their dark web site, the…
-
Weekly Update 505
Weekly Update 505 Well, that didn’t last long! Recording this on Saturday morning my time, I observed ShinyHunters having gone quiet since the massive haul that would have been the Instructure ransom. It was two weeks almost to the hour since I’d first heard rumour of payment being made, and I posited that groups like…
-
Weekly Update 504
Weekly Update 504 It’s a hot topic, the old “pay or don’t pay” for hackers not to leak your data. Since recording this a few days ago, we’ve had Grafana go with the “no pay” approach, and I’ve seen a raft of commentary around other companies reaching “agreements”, which is a much politer way of…
-
Weekly Update 503
Weekly Update 503 Well, it’s the day before the Instructure “pay or leak” deadline (at least by my Aussie watch), and the company remains removed from the ShinyHunters website. In its place sits a press statement that amounts to “we’re not making any statements”. So did they pay? And if so, what lofty figure would…
-
Weekly Update 502
Weekly Update 502 It’s a fascinating display of leverage: the ShinyHunters folks, with very limited resources and experience (their demographic will be teenagers to their early 20s), consistently gaining access to the data of massive brands. Not through technical ingenuity alone (although I’m sure there’s a portion of that), but primarily through good ol’ social…
-
Weekly Update 501
Weekly Update 501 This is so “peak 2026” – writing an equality policy to ensure people treat our AI bot with the same respect as they do their human counterparts. It’s intentionally a bit tongue-in-cheek, but it’s there for a purpose: we simply don’t have the capacity to deal with every request we get, and…
-
Weekly Update 500
Weekly Update 500 Looking back at this milestone video, it’s the audience question towards the end I liked most: “are you happy”? Charlotte and I have chosen a path that’s non-traditional, intense and at times, pretty stressful. There’s no clear delineation of when work starts and ends, no holidays where we don’t work, nor weekends,…
-
Weekly Update 499
Weekly Update 499 I’m starting to become pretty fond of Bruce. Actually, I’ve had a bit of an epiphany: an AI assistant like Bruce isn’t just about auto-responding to tickets in an entirely autonomous manner; it’s also pretty awesome at responding with just a little bit of human assistance. Charlotte and I both replied to…
-
Weekly Update 498
Weekly Update 498 This week, more time than I’d have liked to spend went on talking about the trials of chasing invoices. This is off the back of a customer (who, for now, will remain unnamed), who had invoices stacking back more than 6 months overdue and despite payment terms of 30 days, paid on…
-
Weekly Update 497
Weekly Update 497 Day by day, I find we’re eking more goodness out of OpenClaw and finding the sweet spot between what the humans do well and the agent can run off and do on its own. Significantly, we’re shifting more and more of the workload to the latter as all 3 of us at…
-
Weekly Update 496
Weekly Update 496 Watching OpenClaw do its thing must be like watching the first plane take flight. It’s a bit rickety and stuck together with a lot of sticky tape, but squint and you can see the potential for agentic AI to change the world as we know it. And I don’t think that’s hyperbolic.…
-
Weekly Update 495
Weekly Update 495 In the beginning, it was simple. A website, a database and 150M+ email addresses to search. Time has added serverless functions (which run on servers 🤷‍♂️), code on the edge, new data storage constructs and a completely different mechanism for even just querying a simple email address. HIBP is a continually evolving…
-
Weekly Update 494
Weekly Update 494 Since starting HIBP a dozen and a bit years ago, I’ve loaded an average of one breach every 4.7 days. That’s 959 of them to date, but last week it was five in only two days. That’s a few weeks’ worth of breaches in only 48 and a half hours. And that’s…
-
Weekly Update 493
Weekly Update 493 The Odido breach leaks were towards the beginning during this week’s update. I recorded it the day after the second dump of data had hit, with a third dump coming a few hours later, and a final dump of everything the day after that. From what I hear, it dominated the news…
-
Weekly Update 492
Weekly Update 492 The recurring theme this week seems to be around the gap between breaches happening and individual victims finding out about them. It’s tempting to blame this on the corporate victim of the breach (the hacked company), but they’re simultaneously dealing with a criminal intrusion, a ransom demand, and class-action lawyers knocking down…
-
Weekly Update 491
Weekly Update 491 Well, the ESP32 Bluetooth bridge experiment was a complete failure. Not the radios themselves, they’re actually pretty cool, but there’s just no way I could get the Yale locks to be reliably operated by them. At a guess, BLE is a bit too passive to detect state changes, and unless it was…
-
Weekly Update 490
Weekly Update 490 A big “thank you” to everyone who helped me troubleshoot the problem with my “Print Screen” button on the new PC. Try as we all might, none of us could figure out why it refused to bind to SnagIt and instead insisted on dumping the entire collection of screens to a file…
-
Weekly Update 489
Weekly Update 489 This week I’m in Hong Kong, and the day after recording, I gave the talk shown in the image above at INTERPOL’s Cybercrime Expert Group. I posted a little about this on Facebook and LinkedIn, but thought I’d expand on what really stuck with me after watching other speakers: the effort agencies…
-
Weekly Update 488
Weekly Update 488 It’s the discussion about the reaction of some people in the UK regarding their impending social media ban for under 16s that bugged me most. Most notably was the hand-waving around “the gov is just trying to siphon up all our IDs” and “this means everyone will have to show ID, not…
-
Weekly Update 487
Weekly Update 487 I thought Scott would cop it first when he posted about what his solar system really cost him last year. “You’re so gonna get that stupid AI-slop response from some people”, I joked. But no, he got other stupid responses instead! And I got the AI-slop responses! Draw your own conclusions on…
-
Weekly Update 486
Weekly Update 486 I’m in Oslo! Flighty is telling me I’ve flown in or out of here 43 times since a visit in 2014 set me on a new path professionally and, many years later, personally. It’s special here, like a second home that just feels… right. This week, the business end of things is…
-
Weekly Update 485
Weekly Update 485 15 mins and 40 seconds. That’s how long it took to troubleshoot the first tech problem of 2026, and that’s how far you’ll need to skip through this video to hear the audio at normal volume. The problem Scott and I had is analogous to the troubleshooting so many of us do…
-
Weekly Update 484
Weekly Update 484 I think the start of this week’s video really nailed it for the techies amongst us: shit doesn’t work, you change something random and now shit works and you have no idea why 🤷‍♂️ Such was my audio this week and apologise to those of you watching the video below for the…
-
Weekly Update 483
Weekly Update 483 Building out an IoT environment is a little like the old Maslow’s Hierarchy of Needs. All the stuff on the top is only any good if all the stuff on the bottom is good, starting with power. This week, I couldn’t even get that right, but thankfully, sparky to rescue and ensuite…
-
Weekly Update 482
Weekly Update 482 Perhaps it’s just the time of year where we all start to wind down a bit, or maybe I’m just tired after another massive 12 months, but this week’s vid is way late. Ok, going away to the place that had just been breached (ironic!) didn’t help, but I think in general…
-
Weekly Update 481
Weekly Update 481 Twelve years (and one day) since launching Have I Been Pwned, it’s now a service that Charlotte and I live and breathe every day. From the first thing every morning to the last thing each day, from holidays to birthdays, in sickness and in heal… wait a minute – did we marry…
-
Weekly Update 480
Weekly Update 480 Well, I now have the answer to how Snapchat does age verification for under-16s: they give an underage kid the ability to change their date of birth, then do a facial scan to verify. The facial scan (a third party tells me…) allows someone well under 16 to pass it easily. So,…
-
Weekly Update 479
Weekly Update 479 I gave up on the IoT water meter reader. Being technical and thinking you can solve everything with technology is both a blessing and a curse; dogged persistence has given me the life I have today, but it has also burned serious amounts of time because I never want to let a…
-
Weekly Update 478
Weekly Update 478 This week, it was an absolute privilege to be at Europol in The Hague, speaking about cyber offenders and at the InterCOP conference and spending time with some of the folks involved in the Operation Endgame actions. The latter in particular gave me a new sense of just how much coordination is…
-
Weekly Update 477
Weekly Update 477 What. A. Week. It wasn’t just the preceding weeks of technical pain as we tried to work out how to get this data loaded, it was all the subsequent queries we had to deal with too. Some of them are totally understandable, whilst others just resulted in endless facepalms 🤦‍♂️ But we…
-
Weekly Update 476
Weekly Update 476 The 2 billion email address stealer log breach I talk about this week is almost ready to go at the time of writing. It’s been massively time-consuming, massively expensive (we turned the cloud up to 11) and enormously frustrating. I’ve written about why in the draft blog post, but once you get…
-
Weekly Update 475
Weekly Update 475 It was the Synthient threat data that ate most of my time this week, and it continues to do so now, the weekend after recording this video. Data like this is equal parts enormously damaging to victims and frustratingly noisy to process. I have to be confident enough that it’s new enough,…
-
Weekly Update 474
Weekly Update 474 You’re not going to believe this – the criminals that took the Qantas data ignored the injunction. I know, I know, we’re all a bit stunned that making crime illegal hasn’t appeared to stop it, but here we are. Just before the time of writing, I was contacted by someone who…
-
Weekly Update 473
Weekly Update 473 This week’s video was recorded on Friday morning Aussie time, and as promised, hackers dumped data the following day. Listening back to parts of the video as I write this on a Sunday morning, pretty much what was predicted happened: data was dumped, it included Qantas, and the injunction did nothing to…
-
Weekly Update 472
Weekly Update 472 This probably comes through pretty strongly in this week’s video, but I love the vibe at CERN. It’s a place so focused on the common good of science that all the other cultural attributes that often put people at odds these days fade into the distance. That hit me more than it…
-
Weekly Update 471
Weekly Update 471 I’m so happy to finally be getting those HIBP demos out! The first couple are simple, but as I say in this week’s vid, it’s the simple questions we’re still dealing with. As if to taunt me (or prove my point), we got this ticket just a couple of hours ago: I’m…
-
Weekly Update 470
Weekly Update 470 Imagine jumping on board a class action after your precious datas have been breached, then sticking through it all the way until a settlement is reached. Then, finally, after a long and arduous battle, cashing in and getting… $1. Well, kinda $1, the ParkMobile class action granted up to $1 for successful…
-
Weekly Update 469
Weekly Update 469 So I had this idea around training a text-to-speech engine with my voice, then using that to speak over the Sonos at home to announce AI-driven events, such as people ringing the doorbell. A few hours’ worth of video from these weekly updates fed into ElevenLabs and wammo! Here you go: Oh…
-
Weekly Update 468
Weekly Update 468 I only just realised, as I prepared this accompanying blog post, that I didn’t talk about one of the points in the overview: food. One of my fondest memories as a child living in Singapore and now as an adult visiting there is the food. It’s one of those rare places where…
-
Weekly Update 467
Weekly Update 467 Using AI to analyse photos and send alerts if I’ve forgotten to take the bins out isn’t going to revolutionise my life, no more so than using it to describe who’s at the mailbox when a letter arrives and at the front door when they buzz. But that’s really not the point;…
-
Weekly Update 466
Weekly Update 466 I’m fascinated by the unwillingness of organisations to name the “third party” to which they’ve attributed a breach. The initial reporting on the Allianz Life incident from last month makes no mention whatsoever of Salesforce, nor does any other statement I can find from them. And that’s very often the way with…
-
Weekly Update 465
Weekly Update 465 How much tech stuff do I have sitting there in progress, literally just within arm’s reach? I kick off this week’s video going through it, and it’s kinda nuts. Doing runeos and house build doesn’t help, but it means there’s just a constant distraction of “things” commanding my attention. I couldn’t even…
-
Weekly Update 464
Weekly Update 464 I think the most amusing comment I had during this live stream was one to the effect of expecting me to have all my tech things neat and ordered. As I look around me now, there are Shellys with cables hanging off them all over my desk, the keyboard I’m typing on…
-
Weekly Update 463
Weekly Update 463 I’ve listened to a few industry podcasts discussing the Tea app breach since recording, and the thing that really struck me was the lack of discussion around the privacy implications of the service before the breach. Here was a tool where people were non-consensually uploading photos of others and leaving fairly intimate…
-
Weekly Update 462
Weekly Update 462 This will be the title of the blog post: “Court Injunctions are the Thoughts and Prayers of Data Breach Response”. It’s got a nice ring to it, and it resonates so much with the response to other disasters where the term is offered as a platitude that has absolutely no practical benefit…
-
Weekly Update 460
Weekly Update 460 This week’s update is the last remote one for a while as we wind up more than a month of travel. I’m pushing this out just before we jump on the Qantas plane home… right after they’ve advised just how much of my data was impacted by their breach. That got me…
-
Weekly Update 459
Weekly Update 459 New week, different end of the world! After a fleeting stop at home, we’re in Japan for a proper holiday (yet somehow I’m still here writing this…) with the first stop in Tokyo. It’s like nowhere else here, and this is now probably my 10th trip to Japan over a period of…
-
Weekly Update 458
Weekly Update 458 I’m in Austria! Well, I was in Austria, I’m now somewhere over the Aussie desert as I try and end this trip on top of my “to-do” list. The Have I Been Pwned Alpine Grand Tour was a great success with loads of time spent with govs, public meetups and users of…
-
Weekly Update 457
Weekly Update 457 Firstly, apologies for the annoying clipping in the audio. I use a Rode VideoMic that’s a shotgun style that plugs straight into the iPhone and it’s usually pretty solid. It was also solid when I tested it again now, just recording a video into the phone, so I don’t know if this…
-
Weekly Update 456
Weekly Update 456 It’s time to fly! It’s two months to the day since we came back from the last European trip, again spending the time with some of the agencies and partners we’ve fostered at HIBP over the years. This time, it’s the driving tour I talked about earlier last month, and we have…
-
Weekly Update 455
Weekly Update 455 The bot-fighting is a non-stop battle. In this week’s video, I discuss how we’re tweaking Cloudflare Turnstile and combining more attributes around how bot-like requests are, and… it almost worked. Just as I was preparing to write this intro, I found a small spike of anomalous traffic that, upon further investigation, should…
-
Weekly Update 454
Weekly Update 454 We’re two weeks in from the launch of the new HIBP, and I’m still recovering. Like literally still recovering from the cold I had last week and the consequent backlog. A major launch like this isn’t just something you fire and forget; instead, it takes weeks of tweaks and refinements to iron…
-
Weekly Update 453
Weekly Update 453 Well, the last few weeks of insane hours finally caught up with me. Not badly, but I evidently burned enough midnight oil to leave the immune system somewhat degraded and just after recording this video, I really didn’t feel like doing much at all. Some congestion and sniffles aside, it’s really…
-
Weekly Update 452
Weekly Update 452 Funny how excited people can get about something as simple as a sticker. They’re always in hot demand and occupy an increasingly large portion of my luggage as we travel around. Charlotte reckoned it would be the same for other merch too, so, while I’ve been beavering away playing code monkey on…
-
Weekly Update 451
Weekly Update 451 The Have I Been Pwned Alpine Grand Tour is upon us! I’ve often joked that work is always either sitting at my desk at home in isolation or on the other side of the world, and so it is with this trip. As we’ve done with recent travel to the US and…
-
Weekly Update 450
Weekly Update 450 Looking back at this week’s video, it’s the AI discussion that I think about most. More specifically, the view amongst some that any usage of it is bad and every output is “slop”. I’m hearing that much more broadly lately, that AI is both “robbing” creators and producing sub-par results. The latter…
-
Weekly Update 449
Weekly Update 449 Today, I arrived at my PC first thing in the morning to find the UPS dead (battery was cactus) and the PC obviously without power. So, I tracked down a powerboard and some IEC C14 to mains cable adaptors and powered back up. On boot, neither the Bluetooth mouse nor keyboard worked.…
-
Weekly Update 448
Weekly Update 448 I’m a few days late this week, finally back from a month of (almost) non-stop travel with the last bit being completely devoid of an internet connection. And now, the real hard work kicks in as we count down the next 25 days before launching the full HIBP rebrand. I’m adamant…
-
Weekly Update 447
Weekly Update 447 I’m home! Well, for a day, then it’s off to the other side of the country (which I just flew over last night on the way back from Dublin 🤦‍♂️) for an event at the Microsoft Accelerator in Perth on Monday. Such is the path we’ve taken, but it does provide some…
-
Weekly Update 446
Weekly Update 446 After an unusually long day of travelling from Iceland, we’ve finally made it to the land of Guinness, Leprechauns, and a tax haven for tech companies. This week, there are a few more lessons from the successful phish against me the previous week, and in happier news, there is some really solid…
-
Weekly Update 445
Weekly Update 445 Well, this certainly isn’t what I expected to be talking about this week! But I think the fact it was someone most people didn’t expect to be on the receiving end of an attack like this makes it all the more consumable. I saw a lot of “if it can happen to…
-
Weekly Update 444
Weekly Update 444 It’s time to fly! 🇬🇧 🇮🇸 🇮🇪 That’s two new flags (or if you’re on Windows and can’t see flag emojis, that’s two new ISO codes) I’ll be adding to my “places I’ve been list” as we start the journey by jetting out to London right after I publish this blog. If…
-
Weekly Update 443
Weekly Update 443 What an awesome response to the new brand! I’m so, so happy with all the feedback, and I’ve gotta be honest, I was nervous about how it would be received. The only negative theme that came through at all was our use of Sticker Mule, which apparently is akin to being a…
-
Weekly Update 442
Weekly Update 442 We survived the cyclone! That was a seriously weird week with lots of build-up to an event that last occurred before I was born. It’d been 50 years since a cyclone came this far south, and the media was full of alarming predictions of destruction. In the end, we maxed out at…
-
Weekly Update 441
Weekly Update 441 Processing data breaches (especially big ones), can be extremely laborious. And, of course, everyone commenting on them is an expert, so there’s a heap of opinions out there. And so it was with the latest stealer logs, a corpus of data that took the better part of a month to process. And…
-
Weekly Update 440
Weekly Update 440 Wait – it’s Tuesday already?! When you listen to this week’s (ok, last week’s) video, you’ll probably get the sense I was a bit overloaded. Yeah, so that didn’t stop, and the stealer log processing and new feature building just absolutely swamped me. Plus, I spent from then until now in Sydney…
-
Weekly Update 439
Weekly Update 439 We’re now eyeball-deep into the HIBP rebrand and UX work, totally overhauling the image of the service as we know it. That said, a guiding principle has been to ensure the new look is immediately recognisable and over months of work, I think we’ve achieved that. I’m holding off sharing anything until…
-
Weekly Update 438
Weekly Update 438 I think what’s really scratching an itch for me with the home theatre thing is that it’s this whole geeky world of stuff that I always knew was out there, but I’d just never really understood. For example, I mentioned waveforming in the video, and I’d never even heard of that let…
-
Weekly Update 437
Weekly Update 437 It’s IoT time! We’re embarking on a very major home project (more detail of which is in the video), and some pretty big decisions need to be made about a very simple device: the light switch. I love having just about every light in our connected… when it works. The house has…
-
Weekly Update 436
Weekly Update 436 We’re heading back to London! And making a trip to Reykjavik. And Dublin. I talked about us considering this in the video yesterday, and just before publishing this post, we pulled the trigger and booked the tickets. The plan is to pretty much repeat the US and Canada trip we did in…
-
Weekly Update 435
Weekly Update 435 If I’m honest, I was in two minds about adding additional stealer logs to HIBP. Even with the new feature to include the domains an email address appears against in the logs, my concern was that I’d get a barrage of “that’s useless information” messages like I normally do when I load…
-
Weekly Update 434
Weekly Update 434 This week I’m giving a little teaser as to what’s coming with stealer logs in HIBP and in about 24 hours from the time of writing, you’ll be able to see the whole thing in action. This has been a huge amount of work trawling through vast volumes of data and trying…
-
Weekly Update 433
Weekly Update 433 It sounds easy – “just verify people’s age before they access the service” – but whether we’re talking about porn in the US or Australia’s incoming social media laws, the reality is way more complex than that. There’s no unified approach across jurisdictions and even within a single country like Australia, the…
-
Weekly Update 432
Weekly Update 432 There’s a certain irony to the Bluesky situation where people are pushing back when I include links to X. Now, where have we seen this sort of behaviour before? When I’m relying on content that only appears on that platform to add context to a data breach in HIBP and that…
-
Weekly Update 431
Weekly Update 431 I fell waaay behind the normal video cadence this week, and I couldn’t care less. I mean c’mon, would you rather be working or sitting here looking at this view after snowboarding through Christmas?! Christmas Day awesomeness in Norway 🇳🇴 Have a great one friends, wherever you are pic.twitter.com/F2FtcJYzRC…
-
Weekly Update 430
Weekly Update 430 I’m back in Oslo! Writing this the day after recording, it feels like I couldn’t be further from Dubai; the temperature starts with a minus, it’s snowing and there’s not a supercar in sight. Back on business, this week I’m talking about the challenge of loading breaches and managing costs. A breach…
-
Weekly Update 429
Weekly Update 429 A super quick intro today as I rush off to do the next very Dubai thing: drive a Lambo through the desert to go dirt bike riding before jumping in a Can-Am off-roader and then heading to the kart track for a couple of afternoon sessions. I post lots of pics to…
-
Weekly Update 428
Weekly Update 428 I wouldn’t say this is a list of my favourite breaches from this year as that’s a bit of a disingenuous term, but oh boy were there some memorable ones. So many of the incidents I deal with are relatively benign in terms of either the data they expose or the nature…
-
Weekly Update 427
Weekly Update 427 I was going to write about how much I’ve enjoyed “tinkering” with the HIBP API, but somehow, that term doesn’t really seem appropriate any more for a service of this scale. On the contrary, we’re putting in huge amounts of effort to get this thing fast, stable, and sustainable. We could do…
-
Weekly Update 426
Weekly Update 426 I have absolutely no problem at all talking about the code I’ve screwed up. Perhaps that’s partly because after 3 decades of writing software (and doing some meaningful stuff along the way), I’m not particularly concerned about showing my weaknesses. And this week, I screwed up a bunch of stuff; database queries…
-
Weekly Update 425
Weekly Update 425 This was a much longer than usual update, largely due to the amount of time spent discussing the Earth 2 incident. As I said in the video (many times!), the amount of attention this has garnered from both Earth 2 users and the company itself is incommensurate with the impact of the…