Hacking, AppSec, and Bug Bounty newsletter
2019-01-17 | Collection #1, Ethereum network upgrade delayed due to security bug discovered, and 100 pages of Burp Suite tips
Thursday, January 17
The breach to rule them all: Collection #1. A few data points for scale:
2,692,818,238 rows of email addresses and passwords
1,160,253,228 unique combinations of email addresses and passwords
772,904,991 unique email addresses
21,222,975 unique passwords
12,000 separate files
87GB of data
OTHER ARTICLES WE’RE READING
One journalist opines on FB’s 10-year challenge as a ploy for training facial recognition software
Cool idea from Shopify: a changelog that helps hunters identify areas where new functionality has been developed or released, so they can prioritize testing.
North Korea is calling: how a Chilean bank employee got duped into a fake job interview, downloaded malware and got the bank’s ATM network pwned.
An oldie, but a goodie: 100 pages of Burp Suite tips
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
In total, 23 of my email addresses have been pwned in 34 different breaches/releases.