Creator of @haveibeenpwned. Microsoft Regional Director and MVP. Pluralsight author. Online security, technology and “The Cloud”. Australian.
Blog: https://www.troyhunt.com
Weekly update is up! Episode 500! A Look Back at 500 Weeks of Vids, Pwning, and Life at HIBP HQ with Charlotte https://www.troyhunt.com/weekly-update-500/
Weekly Update 500

Looking back at this milestone video, it's the audience question towards the end I liked most: "are you happy"? Charlotte and I have chosen a path that's non-traditional, intense and at times, pretty stressful. There's no clear delineation of when work starts and ends, no holidays where we don't work,

Troy Hunt
Only 10 minutes away - Episode 500! A Look Back at 500 Weeks of Vids, Pwning, and Life at HIBP HQ with Charlotte https://youtube.com/live/57W4BAMSY8c?feature=share
Weekly Update 500

YouTube
Damn, 500 episodes 😮 This is a special one - with a special person - going live in 12 hours from now: Episode 500! A Look Back at 500 Weeks of Vids, Pwning, and Life at HIBP HQ with Charlotte https://youtube.com/live/57W4BAMSY8c?feature=share
Weekly Update 500

YouTube
New breach: Amtrak was claimed as a victim of ShinyHunters earlier this month with over 2M email addresses then published this week. Data also included names, physical addresses and support tickets. 80% were already in @haveibeenpwned. Read more: https://haveibeenpwned.com/Breach/Amtrak
Have I Been Pwned: Amtrak Data Breach

In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. They subsequently published the alleged data which contained over 2M unique email addresses along with names, physical addresses and customer support records.

Have I Been Pwned
I've spoken a bunch recently about experiments with agentic AI to do genuinely useful stuff, such as "Bruce", who now replies to most of our Zendesk tickets. So, what happens when you let it loose on the HIBP API? Some pretty cool stuff: https://www.troyhunt.com/heres-what-agentic-ai-can-do-with-have-i-been-pwneds-apis/
Here's What Agentic AI Can Do With Have I Been Pwned's APIs

I love cutting-edge tech, but I hate hyperbole, so I find AI to be a real paradox. Somewhere in that whole mess of overnight influencers, disinformation and ludicrous claims is some real "gold" - AI stuff that's genuinely useful and makes a meaningful difference. This blog post cuts straight to

Troy Hunt
New breach: McGraw Hill suffered a breach last week attributed to a Salesforce misconfiguration. Data leaked today included 13.5M email addresses. Some records included name, phone and physical address. 47% were already in @haveibeenpwned. Read more: https://haveibeenpwned.com/Breach/McGrawHill
Have I Been Pwned: McGraw Hill Data Breach

In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records.

Have I Been Pwned
Weekly update is up! Introducing “Bruce the Bot”, our 51c per day OpenClaw-powered humanoid-assisted Zendesk AI agent for Have I Been Pwned https://www.troyhunt.com/weekly-update-499/
Weekly Update 499

I'm starting to become pretty fond of Bruce. Actually, I've had a bit of an epiphany: an AI assistant like Bruce isn't just about auto-responding to tickets in an entirely autonomous manner; it's also pretty awesome at responding with just a little bit of human assistance. Charlotte and I both

Troy Hunt
New breach: Hallmark was allegedly breached in March with attackers accessing Salesforce and publishing data this week. It exposed 1.7M unique email addresses with name, phone, physical address & support tickets. 82% were already in @haveibeenpwned. More: https://haveibeenpwned.com/Breach/Hallmark
Have I Been Pwned: Hallmark Data Breach

In March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both Hallmark and the Hallmark+ streaming service, along with names, phone numbers, physical addresses and support tickets.

Have I Been Pwned
Going live with my weekly vid in 10 mins! Introducing “Bruce the Bot”, our 51c per day OpenClaw-powered humanoid-assisted Zendesk AI agent for Have I Been Pwned: https://youtube.com/live/TSJ_bXb62fY?feature=share
Weekly Update 499

YouTube
New breach: My Lovely AI, an NSFW AI girlfriend platform, suffered a breach earlier this week that exposed over 100k unique email addresses. The data also included AI prompts and links to the resulting images. 23% were already in @haveibeenpwned. More: https://haveibeenpwned.com/Breach/MyLovelyAI
Have I Been Pwned: My Lovely AI Data Breach

In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.

Have I Been Pwned