Bad news for anyone who might have hoped that the data breach problem was getting better. "Anecdotally, it just feels like we're seeing a massive increase recently," says Troy Hunt, the creator of the free "Have I Been Pwned?" breach-notification service. Unfortunately, he says, the problem is likely to worsen.
Troy Hunt, who runs one of the most prominent services for discovering if your data has been exposed in a breach, shares his thoughts on LinkedIn's recent breach and how his approach to disseminating data breach details continues to evolve.
Since the massive data breach of credit bureau Equifax, the U.S. Congress has become more interested in the causes of data breaches. Australian security expert Troy Hunt, who recently traveled to Washington to share his insights with a House committee, discusses what he told lawmakers in this in-depth interview.
What should an enterprise do when someone reaches out and claims to have the company's data or information about a breach? Although it can be a delicate situation to manage, there are sound approaches enterprises can take, says data breach expert Troy Hunt.
The Russian blogging platform LiveJournal confirmed this week that it suffered several brute-force attacks in 2011 and 2012. But it insists that the 26 million usernames and passwords that are now available for sale on darknet forums came from other sources.
Covve Visual Network Ltd., a Cyprus-based app developer, acknowledges that it's the owner of 90GB of data - including tens of millions of records - that apparently was left exposed on an open Elasticsearch database. A portion of the data was posted on a forum for trading data leaks.
An Australian company that sells a GPS tracking smartwatch for kids accidentally exposed personal data a second time. But this time around, it has not notified users about the bug, which also could have been used to spoof the location of children.
Granicus, one of the largest IT service providers for U.S. federal and local government agencies, acknowledges that it left a massive Elasticsearch database exposed to the internet for at least five months, but it says the risks involved were low.