pwned …

Just spent the morning ‘tidying up’ my login credentials after receiving an email from HIBP about the Cit0day breach. Have I Been Pwned is a service that alerts you when your identity (login credentials) has been found/leaked either in the open or the Deep/Dark web – see https://www.troyhunt.com/inside-the-cit0day-breach-collection/

But if, like me, you don’t use a password manager, working out which sites you have an account on and which email address you used for that account, can be a real PITA, even for cyber security professional 🙂 Fortunately, I am a Mac user, so getting that list of sites and then matching them to the 23,000+ sites in the Cit0day list was less painful – thanks to marcotini’s Applescript for looping through Safari’s password cache which you can find on GitHub – see https://github.com/marcotini/Get_Safari13_Passwords

Then it’s just a case of running your favourite RE tool like ‘grep’ to see which passwords corresponding to a matched leaked site you need to change …
https://www.troyhunt.com/inside-the-cit0day-breach-collection/

Leave a Reply

Your email address will not be published. Required fields are marked *