Troy Hunt

1. Weekly Update 481

   Twelve years (and one day) since launching Have I Been Pwned, it's now a service that Charlotte and I live and breathe every day. From the first thing every morning to the last thing each day, from holidays to birthdays, in sickness and in heal... wait a minute

   Published Fri, Dec 5, 2025

2. Why Does Have I Been Pwned Contain "Fake" Email Addresses?

   Normally, when someone sends feedback like this, I ignore it, but it happens often enough that it deserves an explainer, because the answer is really, really simple. So simple, in fact, that it should be evident to the likes of Bruce, who decided his misunderstanding deserved a 1-star Trustpilot review

   Published Wed, Dec 3, 2025

3. Weekly Update 480

   Well, I now have the answer to how Snapchat does age verification for under-16s: they give an underage kid the ability to change their date of birth, then do a facial scan to verify. The facial scan (a third party tells me...) allows someone well under 16 to pass it

   Published Mon, Dec 1, 2025

4. Weekly Update 479

   I gave up on the IoT water meter reader. Being technical and thinking you can solve everything with technology is both a blessing and a curse; dogged persistence has given me the life I have today, but it has also burned serious amounts of time because I never want to

   Published Sun, Nov 23, 2025

5. Weekly Update 478

   This week, it was an absolute privilege to be at Europol in The Hague, speaking about cyber offenders and at the InterCOP conference and spending time with some of the folks involved in the Operation Endgame actions. The latter in particular gave me a new sense of just how much

   Published Sun, Nov 16, 2025

6. Weekly Update 477

   What. A. Week. It wasn't just the preceding weeks of technical pain as we tried to work out how to get this data loaded, it was all the subsequent queries we had to deal with too. Some of them are totally understandable, whilst others just resulted in endless

   Published Wed, Nov 12, 2025

7. 2 Billion Email Addresses Were Exposed, and We Indexed Them All in Have I Been Pwned

   I hate hyperbolic news headlines about data breaches, but for the "2 Billion Email Addresses" headline to be hyperbolic, it'd need to be exaggerated or overstated - and it isn't. It's rounded up from the more precise number of 1,957,476,

   Published Wed, Nov 5, 2025

8. Weekly Update 476

   The 2 billion email address stealer log breach I talk about this week is almost ready to go at the time of writing. It's been massively time-consuming, massively expensive (we turned the cloud up to 11) and enormously frustrating. I've written about why in the draft

   Published Mon, Nov 3, 2025

9. How We (Almost) Found Chromium's Bug via Crash Reports to Report URI

   Tracking down bugs in software is a pain that all of us who write code must bear. When we're talking about outright errors in a web page, you typically have something to get you started (such as output in the console), but that wasn't the case

   Published Mon, Oct 27, 2025

10. Weekly Update 475

    It was the Synthient threat data that ate most of my time this week, and it continues to do so now, the weekend after recording this video. Data like this is equal parts enormously damaging to victims and frustratingly noisy to process. I have to be confident enough that it&

    Published Sat, Oct 25, 2025

11. Inside the Synthient Threat Data

    Where is your data on the internet? I mean, outside the places you've consciously provided it, where has it now flowed to and is being used and abused in ways you've never expected? The truth is that once the bad guys have your data, it often

    Published Tue, Oct 21, 2025

12. Weekly Update 474

    You're not going to believe this - the criminals that took the Qantas data ignored the injunction 😮 I know, I know, we're all a bit stunned that making crime illegal hasn't appeared to stop it, but here we are. Just before the time

    Published Mon, Oct 20, 2025

13. Weekly Update 473

    This week's video was recorded on Friday morning Aussie time, and as promised, hackers dumped data the following day. Listening back to parts of the video as I write this on a Sunday morning, pretty much what was predicted happened: data was dumped, it included Qantas, and the

    Published Sun, Oct 12, 2025

14. Court Injunctions are the Thoughts and Prayers of Data Breach Response

    You see it all the time after a tragedy occurs somewhere, and people flock to offer their sympathies via the "thoughts and prayers" line. Sympathy is great, and we should all express that sentiment appropriately. The criticism, however, is that the line is often offered as a substitute

    Published Thu, Oct 9, 2025

15. Weekly Update 472

    This probably comes through pretty strongly in this week's video, but I love the vibe at CERN. It's a place so focused on the common good of science that all the other cultural attributes that often put people at odds these days fade into the distance.

    Published Mon, Oct 6, 2025