Thursday, January 17
TOP STORY
The breach to rule them all: Collection #1. A few data points for scale:
2,692,818,238 rows of email addresses and passwords
1,160,253,228 unique combinations of email addresses and passwords
772,904,991 unique email addresses
21,222,975 unique passwords
12,000 separate files
87GB of data
Wired has an overview in addition to Troy’s great post hyperlinked above. And help a brother out and donate to haveibeenpwned!
OTHER ARTICLES WE’RE READING
One journalist opines on FB’s 10-year challenge as a ploy for training facial recognition software
Cool idea from Shopify: a changelog that helps hunters identify areas where new functionality has been developed or released, so they can prioritize testing.
North Korea is calling: how a Chilean bank employee got duped into a fake job interview, downloaded malware and got the bank’s ATM network pwned.
An oldie, but a goodie: 100 pages of Burp Suite tips
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
In total, 23 of my email addresses have been pwned in 34 different breaches/releases.