{"id":327,"date":"2024-12-02T00:03:38","date_gmt":"2024-12-02T00:03:38","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2024\/12\/02\/weekly-update-428\/"},"modified":"2024-12-02T00:03:38","modified_gmt":"2024-12-02T00:03:38","slug":"weekly-update-428","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2024\/12\/02\/weekly-update-428\/","title":{"rendered":"Weekly Update 428"},"content":{"rendered":"<p>    Weekly Update 428<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/www.troyhunt.com\/content\/images\/2024\/12\/Splash-Template.jpg?ssl=1\" alt=\"Weekly Update 428\"><\/p>\n<p>I wouldn&#8217;t say this is a list of my <em>favourite<\/em> breaches from this year as that&#8217;s a bit of a disingenuous term, but oh boy were there some memorable ones. So many of the incidents I deal with are relatively benign in terms of either the data they expose or the nature of the service, but some of them this year were absolute zingers. This week, I&#8217;m talking about the ones that really stuck out to me for one reason or another, here&#8217;s the top 5:<\/p>\n<p><!--kg-card-begin: html--><\/p>\n<div>\n<div style=\"width: 170px; display: inline-block; margin-right: 3px;\"><a href=\"https:\/\/itunes.apple.com\/au\/podcast\/troy-hunts-weekly-update-podcast\/id1176454699?ref=troy-hunt\"><img decoding=\"async\" src=\"https:\/\/www.troyhunt.com\/content\/images\/2018\/05\/Listen-on-Apple-Podcasts.svg\" alt=\"Weekly Update 428\"><\/a><\/div>\n<div style=\"width: 175px; display: inline-block; margin-right: 3px;\"><a href=\"https:\/\/www.youtube.com\/playlist?list=PL7LAAxaabizMAXnJe0s3xjQ30q12EVmjt&amp;ref=troyhunt.com\"><img decoding=\"async\" src=\"https:\/\/www.troyhunt.com\/content\/images\/2024\/09\/Watch-and-Listen-on-YouTube.svg\" alt=\"Weekly Update 428\"><\/a><\/div>\n<div style=\"width: 118px; display: inline-block; margin-right: 3px;\"><a href=\"https:\/\/open.spotify.com\/show\/7jMtKFohdrw6qmz8AkLqit?ref=troy-hunt\"><img decoding=\"async\" src=\"https:\/\/www.troyhunt.com\/content\/images\/2019\/10\/spotify.svg\" class=\"kg-image\" alt=\"Weekly Update 428\"><\/a><\/div>\n<div style=\"width: 120px; display: inline-block;\"><a href=\"https:\/\/omny.fm\/shows\/troy-hunt-weekly-update\/playlists\/podcast.rss?ref=troy-hunt\"><img decoding=\"async\" src=\"https:\/\/www.troyhunt.com\/content\/images\/2018\/07\/Download-via-RSS.svg\" alt=\"Weekly Update 428\"><\/a><\/div>\n<p><iframe loading=\"lazy\" width=\"100%\" height=\"480\" src=\"https:\/\/www.youtube.com\/embed\/tj9YCsO6oTs\" frameborder=\"0\" allow=\"autoplay; encrypted-media\" allowfullscreen><\/iframe>\n<\/div>\n<p><!--kg-card-end: html--><\/p>\n<h3 id=\"references\">References<\/h3>\n<ol>\n<li><a href=\"https:\/\/1password.com\/xam\/extended-access-management?utm_campaign=xam_launch&amp;utm_source=troy_hunt_blog&amp;utm_medium=paid_ad&amp;utm_content=xam_product\" rel=\"noopener\">Sponsored by:\u00a01Password Extended Access Management: Secure every sign-in for every app on every device.<\/a><\/li>\n<li>\n<a href=\"https:\/\/www.troyhunt.com\/how-spoutibles-leaky-api-spurted-out-a-deluge-of-personal-data\/\" rel=\"noreferrer\">The Spoutible breach was one of the most bizarre instances of returning unnecessary data via an API I&#8217;ve ever seen<\/a> (passwords, 2FA secrets and the code used in &#8220;magic links&#8221; to reset passwords)<\/li>\n<li>\n<a href=\"https:\/\/x.com\/troyhunt\/status\/1794491965226258784?ref=troyhunt.com\" rel=\"noreferrer\">It&#8217;s one thing for spyware to be used for stalking partners against their terms and conditions, it was quite another for pcTattletale to explicitly refer to marital infidelity as a use case for the product<\/a> (this data breach actually killed the company)<\/li>\n<li>\n<a href=\"https:\/\/www.troyhunt.com\/telegram-combolists-and-361m-email-addresses\/\" rel=\"noreferrer\">The &#8220;Combolists Posted to Telegram&#8221; breach was more significant for the stealer logs than it was the combolists aggregated from other sources<\/a> (that really brought this class of breach into the spotlight for me)<\/li>\n<li>The National Public Data breach was much more significant for the exposure of <a href=\"https:\/\/www.troyhunt.com\/inside-the-3-billion-people-national-public-data-breach\/\" rel=\"noreferrer\">hundreds of millions of social security numbers than it was for the email addresses that went into HIBP<\/a> (that&#8217;s another company that folded as a result of their breach)<\/li>\n<li>\n<a href=\"https:\/\/x.com\/troyhunt\/status\/1843788319785939422?ref=troyhunt.com\" rel=\"noreferrer\">The Muah.AI breach exposed a trove of requests by users to create CSAM images<\/a> (the linked thread is a mind-boggling series of tweets about both the content and the justifications offered for not having controls on the images created)<\/li>\n<\/ol>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Troy Hunt<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/www.troyhunt.com\/weekly-update-428\/\">Go to troyhunt<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Weekly Update 428 I wouldn&#8217;t say this is a list of my favourite breaches from this year as that&#8217;s a bit of a disingenuous term, but oh boy were there some memorable ones. So many of the incidents I deal with are relatively benign in terms of either the data they expose or the nature [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[51,135],"tags":[143,140,148],"class_list":["post-327","post","type-post","status-publish","format-standard","hentry","category-troyhunttroyhunt","category-weekly-update","tag-breach","tag-data","tag-was"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/327"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=327"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/327\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=327"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=327"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=327"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}