Creator of @haveibeenpwned. Microsoft Regional Director and MVP. Pluralsight author. Online security, technology and “The Cloud”. Australian.
Blog: https://www.troyhunt.com
Going live with my weekly vid in 10 mins! Back on the IoT Bandwagon: Doorlocks With Unifi Access, Finally Making the AI LPR Work, I Still Hate All Light Switches https://youtube.com/live/hTrB6WU5FpE?feature=share
Weekly Update 508

YouTube
New breach: The University of Nottingham was targeted in a ShinyHunters extortion campaign exposing 455k email addresses this week. Data included name, address, phone, ethnicity, disability & academic enrolment info. 47% were already in @haveibeenpwned https://haveibeenpwned.com/Breach/UniversityOfNottingham
Have I Been Pwned: University of Nottingham Data Breach

In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolments and fee payments. In a post about the incident, the university advised that the breach affected both "current students, and alumni".

Have I Been Pwned
Weekly update is up! Have I Been Pwned Passes 1,000 Data Breaches: Join Me for a Commemorative Beer 🍺 https://www.troyhunt.com/weekly-update-507/
Weekly Update 507

1,000 breaches is one hell of a milestone. It's not just the process of getting data, verifying it, loading it, sending notifications etc, it's all the other stuff that goes into keeping the whole thing afloat. Legal docs. Trademarks. Accounting. Agreements. The most mind-numbingly boring stuff you can imagine

Troy Hunt
New breach: Baker Distributing had 103k unique email addresses allegedly exposed after appearing on the ShinyHunters "pay or leak" site. The data was mostly corporate contact info including names, addresses and phones. 50% were already in @haveibeenpwned: https://haveibeenpwned.com/Breach/BakerDistributing
Have I Been Pwned: Baker Distributing Data Breach

In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site. In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Salesforce infrastructure including 103k unique email addresses along with names, physical addresses, phone numbers and tickets relating to the company's HVAC contractor customer base. The exposed data was largely corporate contact and support information with limited sensitivity.

Have I Been Pwned
Going live with my weekly vid in 10 mins! Have I Been Pwned Passes 1,000 Data Breaches: Join Me for a Commemorative Beer 🍺 https://youtube.com/live/URB6xsrJcmI?feature=share
Weekly Update 507

YouTube
New breach: BCD Travel was targeted in a ShinyHunters extortion campaign that published 396k email addresses this week. Other data included name, address, phone, job title and support tickets. 28% were already in @haveibeenpwned. Read more: https://haveibeenpwned.com/Breach/BCDTravel
Have I Been Pwned: BCD Travel Data Breach

In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses. Other exposed data included names, addresses, phone numbers, job titles and employer names, spanning a variety of different data sets including leads, internal staff and support tickets.

Have I Been Pwned
New breach: DentaQuest was targeted by a ShinyHunters extortion campaign that saw 2.6M unique email addresses published last weekend. Data also included name, phone, address and for some records, Medicaid ID. 66% were already in @haveibeenpwned. More: https://haveibeenpwned.com/Breach/DentaQuest
Have I Been Pwned: DentaQuest Data Breach

In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addresses along with names, addresses and phone numbers. Much of the data appeared in healthcare enrollment files (ASC X12 transaction sets) with some containing Medicaid IDs, while additional data appeared in member records and related files. DentaQuest acknowledged "a cybersecurity incident involving unauthorized access to a limited portion of our network", and advised they had contained the attack and mitigated the threat.

Have I Been Pwned

The free gov program at @haveibeenpwned keeps expanding! Today, we welcome our 46th government: the Philippines 🇵🇭

Their National CERT is now using HIBP to help protect government departments, public resources and the people behind them. https://www.troyhunt.com/welcoming-the-philippine-government-to-have-i-been-pwned/

Welcoming the Philippine Government to Have I Been Pwned

Today, we welcome the 46th government onboarded to Have I Been Pwned’s free gov service: the Philippines. The Philippines’ National CERT, working with the Department of Information and Communications Technology, now has access to monitor official government domains against the data in HIBP. This gives their Cyber Threat Intel

Troy Hunt
That's a massive milestone - 1,000 breaches processed in @haveibeenpwned - and it got me wondering why the service is still needed? But you don't have to look far to see why: https://www.troyhunt.com/1000-data-breaches-later-the-disclosure-lag-is-worse-than-ever/
1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever

Today, I loaded the 1,000th data breach into Have I Been Pwned. Reflecting on that milestone number, I pondered how to mark the occasion in writing, and what immediately came to mind was a very simple question: why is it still needed? Especially considering the emergence of privacy regulations

Troy Hunt
Weekly update is up! Breach Week: 7-Eleven; Ameriprise; Mytheresa; Kemper; Charter; The Data Breach Disclosure Lag; Welcoming the Bhutanese Government https://www.troyhunt.com/weekly-update-506/
Weekly Update 506

I'm finding it quite fascinating to watch the current spate of ShinyHunters breaches and dumps. There's the obvious criminality of it all, but then there's also the response from organisations (or lack thereof, as it relates to disclosure to victims), the appearance and disappearance of victims on their dark web

Troy Hunt