"Have I been pwned" received the first "independent request"
Of course, a few years ago, I could not imagine how far my project Have I been pwned (HIBP) would go, but I just downloaded a hundredth leak report into the system. This gives a total of 336,724,945 leaked accounts that have been downloaded in recent years, which I confess I did not expect to see.
However, the hundredth report is not quite similar to the previous ones - it was received by me from the site, which itself was subjected to hacking. This is a "self-request" (self-submission) , if convenient. Usually, after a site has been hacked, the information scatters across the network, while the company that has come in “under distribution” has no idea what happened, or rejects it in every way. Just yesterday I wrote an article “ If I can confirm a leak, then why not them? ”Where I reprimanded organizations such as the Philippine Election Commission and Naughty America for not recognizing security problems weeks after the incidents. As much as it’s unethical for hackers to break into systems and put people at risk, it’s just as unethical for organizations to reject incidents and not try to protect their users.
Recently I received a letter asking:
As you can imagine, I often have what you can call an “interesting” interaction, with various people who appear from nowhere and want to talk about leaks, but this turned out to be exactly what was indicated. This site is TruckersMP , and it is a freight simulator (fan multiplayer modification for Euro Truck Simulator 2 and American Truck Simulator simulators, - translator comment) .
')
The news of the burglary was published on this site on February 25 at 7:39 pm , 2 hours and 9 minutes after the discovery of the leak. The leak was discovered just 30 minutes after the hacking itself. A short blog post explains what happened and then apologizes, all within a few hours of the event.
I was wondering why they decided to write and provide HIBP data. We e-mailed a little (including checking that the interviewee is indeed the site administrator and the data provided is legal) and I received an answer to this question:
At the moment, I have a few ideas on how I can use HIBP in conjunction with hacked organizations to help those whose accounts have been compromised, but I did not expect this.
Maybe I just became a little cynical after hundreds of statements “we are extremely concerned about safety” from organizations that clearly do not do this, and such an answer, in which they do not try to change the situation for their own benefit or alter the facts, is encouraging. If billion-dollar companies or state structures acted so responsibly ...
At the moment you can find 83,957 TruckersMP accounts on HIBP .
However, the hundredth report is not quite similar to the previous ones - it was received by me from the site, which itself was subjected to hacking. This is a "self-request" (self-submission) , if convenient. Usually, after a site has been hacked, the information scatters across the network, while the company that has come in “under distribution” has no idea what happened, or rejects it in every way. Just yesterday I wrote an article “ If I can confirm a leak, then why not them? ”Where I reprimanded organizations such as the Philippine Election Commission and Naughty America for not recognizing security problems weeks after the incidents. As much as it’s unethical for hackers to break into systems and put people at risk, it’s just as unethical for organizations to reject incidents and not try to protect their users.
Recently I received a letter asking:
I am the administrator / developer of a gaming forum with ~ 80,000 accounts. A few weeks ago we had a database leak, we would like to add information to your site.
As you can imagine, I often have what you can call an “interesting” interaction, with various people who appear from nowhere and want to talk about leaks, but this turned out to be exactly what was indicated. This site is TruckersMP , and it is a freight simulator (fan multiplayer modification for Euro Truck Simulator 2 and American Truck Simulator simulators, - translator comment) .
')
The news of the burglary was published on this site on February 25 at 7:39 pm , 2 hours and 9 minutes after the discovery of the leak. The leak was discovered just 30 minutes after the hacking itself. A short blog post explains what happened and then apologizes, all within a few hours of the event.
I was wondering why they decided to write and provide HIBP data. We e-mailed a little (including checking that the interviewee is indeed the site administrator and the data provided is legal) and I received an answer to this question:
We are extremely concerned about security issues, we feel the responsibility and responsibility to inform our users about the leaks that have occurred. All members of our team agreed that it would be good to add our case; we would like to see other sites doing the same; given the unfortunate circumstances.
At the moment, I have a few ideas on how I can use HIBP in conjunction with hacked organizations to help those whose accounts have been compromised, but I did not expect this.
Maybe I just became a little cynical after hundreds of statements “we are extremely concerned about safety” from organizations that clearly do not do this, and such an answer, in which they do not try to change the situation for their own benefit or alter the facts, is encouraging. If billion-dollar companies or state structures acted so responsibly ...
At the moment you can find 83,957 TruckersMP accounts on HIBP .
Source: https://habr.com/ru/post/282339/
All Articles