Feed Atlas
OPML directory + server-side RSS reader

troyhunt.com

SiteRSSBlogs
Back

Latest posts

  • Weekly Update 511: Live from my Riad in Marrakech
    Jul 08, 2026Troy Hunt

    How's this for a location?! I mean, last week was nice with Scott in Mallorca, but Marrakech is, well, wow 😮 Anyway, about those data breaches... This week I'm talking about the futility of attempting to remove piss from a pool, yet here we are, with

  • Swimming Pools, Pee, and Trying to Delete Your Data From the Internet
    Jul 03, 2026Troy Hunt

    I can't recall if someone else originally came up with this saying or if I said it in some off-the-cuff comment and it just propagated, but since it's often attributed back to me, I'll relay it here regardless: Trying to delete yourself

  • Weekly Update 510: Live From Mallorca with Scott Helme
    Jun 30, 2026Troy Hunt

    How's the view?! Back to business, it's now 8 years ago that Scott and I thought it would be a cool idea to build Why no HTTPS? We used the site to shame companies for not implementing their transport later security property, and to make it

  • Weekly Update 509
    Jun 24, 2026Troy Hunt

    I know enough about home cinema audiovisual to know there's a lot I don't know. It's conscious incompetence, if you like, which is different to the unconscious incompetence most people have on the topic. That's not to sound derogatory (it's

  • Weekly Update 508
    Jun 15, 2026Troy Hunt

    Light switches. How on earth is it so hard to find decent light switches?! It sounds ridiculous until you actually spend enough time looking for ones that meet two simple criteria: Aren't stateful (switch is up or down, has to be push-button) Looks good Now, I'

  • Weekly Update 507
    Jun 10, 2026Troy Hunt

    1,000 breaches is one hell of a milestone. It's not just the process of getting data, verifying it, loading it, sending notifications etc, it's all the other stuff that goes into keeping the whole thing afloat. Legal docs. Trademarks. Accounting. Agreements. The most mind-numbingly

  • Welcoming the Philippine Government to Have I Been Pwned
    Jun 03, 2026Troy Hunt

    Today, we welcome the 46th government onboarded to Have I Been Pwned’s free gov service: the Philippines. The Philippines’ National CERT, working with the Department of Information and Communications Technology, now has access to monitor official government domains against the data in HIBP. This gives their Cyber

  • 1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever
    Jun 01, 2026Troy Hunt

    Today, I loaded the 1,000th data breach into Have I Been Pwned. Reflecting on that milestone number, I pondered how to mark the occasion in writing, and what immediately came to mind was a very simple question: why is it still needed? Especially considering the emergence of privacy regulations

  • Weekly Update 506
    Jun 01, 2026Troy Hunt

    I'm finding it quite fascinating to watch the current spate of ShinyHunters breaches and dumps. There's the obvious criminality of it all, but then there's also the response from organisations (or lack thereof, as it relates to disclosure to victims), the appearance and disappearance

  • Welcoming the Bhutanese Government to Have I Been Pwned
    May 25, 2026Troy Hunt

    Today, we welcome the 45th government onboarded to Have I Been Pwned’s free gov service: Bhutan. The Bhutan Computer Incident Response Team, BtCIRT, now has access to monitor Bhutanese government domains against the data in HIBP. As Bhutan’s national CIRT, BtCIRT is responsible for consuming threat

  • Weekly Update 505
    May 24, 2026Troy Hunt

    Well, that didn't last long! Recording this on Saturday morning my time, I observed ShinyHunters having gone quiet since the massive haul that would have been the Instructure ransom. It was two weeks almost to the hour since I'd first heard rumour of payment being made,

  • Weekly Update 504
    May 18, 2026Troy Hunt

    It's a hot topic, the old "pay or don't pay" for hackers not to leak your data. Since recording this a few days ago, we've had Grafana go with the "no pay" approach, and I've seen a raft

  • Welcoming the Bahamian Government to Have I Been Pwned
    May 14, 2026Troy Hunt

    Today, we welcome the 44th government onboarded to Have I Been Pwned’s free gov service: The Bahamas. The National Computer Incident Response Team of The Bahamas, CIRT-BS, now has access to monitor government domains against the data in HIBP. As the national CIRT, CIRT-BS is responsible

  • Welcoming the Bangladesh Government to Have I Been Pwned
    May 11, 2026Troy Hunt

    Today, we welcome the 43rd government onboarded to Have I Been Pwned's free gov service, Bangladesh. The BGD e-GOV CIRT department now has full access to query all their government domains via API, and monitor them against future breaches. Bangladesh joins a growing list of national governments

  • Welcoming the Costa Rican Government to Have I Been Pwned
    May 11, 2026Troy Hunt

    Today, we welcome the 42nd government onboarded to Have I Been Pwned’s free gov service: Costa Rica. The CSIRT of the Government of Costa Rica now has access to monitor government domains against the data in HIBP. This enables their national cybersecurity incident response team to identify exposure