Troy Hunt: Organizations Make Security Choices Tough for Users

Data breach notification website Have I Been Pwned (HIBP) has processed more than 11 billion compromised records from breached websites and publicly accessible databases since it was launched in 2013, offering a window into attacks and security issues that put users' data at risk.

Founder and security expert Troy Hunt launched the site as a "fun little project" meant to index data breaches so people could search them, he said in a keynote at this week's virtual Black Hat Asia. HIBP started with 155 million records; years later, an "endless flow of data" from hundreds of breaches has brought stories and lessons on security incidents' underlying causes.


"What I've found particularly fascinating over the last seven-plus years is just the way this thing has grown and the places it's taken me," Hunt said. To underscore his point, he noted the FBI, along with Dutch and German law enforcement, have begun sending data to HIBP to help notify victims of the Emotet botnet.


In many cases, the deluge of breaches fueling HIBP can be linked to organizations' poor security practices, as Hunt discussed in a series of examples. Some make it easy for attackers to strike.

"Time and time again, we're seeing infosec incidents happen because the fruit is so low-hanging," he said, recounting the 2015 attack on the British telecom TalkTalk. The attack – first attributed to "Russian Islamic Cyber Jihadis" by a detective who did not know better – was carried out by a 17-year-old with little experience or sophistication, yet it caused £77 million in damages (the equivalent today of approximately $107 million).


Some organizations leave databases exposed on the I ..
