I suspect we’re all getting a little bit too conditioned to data breaches lately. They’re in the mainstream news on what seems like a daily basis to the point where this is the new normal. Certainly the Ashley Madison debacle took that to a whole new level, but when it comes to our identities being leaked all over the place, it’s just another day on the web. Unless it’s our children’s identities, that’s a whole new level. When it’s hundreds of thousands of children including their names, genders and birthdates, that’s off the charts. When it includes their parents as well – along with their home address – and you can link the two and emphatically say “Here is 9 year old Mary, I know where she lives and I have other personally identifiable information about her parents (including their password and security question)”, I start to run out of superlatives to even describe how bad that is.

This is the background on how this little device and other online assets created by VTech requested deeply personal info from parents about their families which they then lost in a massive data breach:

Breach source, verification and (attempted) disclosure

Let me set some context first because this is clearly a very serious incident and it all began when I was contacted by Lorenzo Bicchierai earlier this week. Lorenzo writes for Motherboard and has often approached me for comments on security incidents in the past. This time, he wanted some help verifying a data breach that had allegedly come from VTech and contained millions of customer records. Someone had gotten in touch with him (I assume as they thought it might make a good story) and he was doing his journo due diligence thing. Lorenzo passed on the data and I checked it out. I found 4.8 million unique customer email addresses in one of the files and it “smelled” good, that is it didn’t have the typical hallmarks that often accompany a fabricated breach. However it wasn’t quite clear where the data had come from, I mean it’s not like you can just go to and there’s a login box that tells you whether or not the account exists (incidentally, I did later discover an API that confirms the presence of an email address at login time). I needed further verification so I invoked the help of some Have I been pwned? (HIBP) subscribers.

In order to verify the data via HIBP, I had to call on some supporters. One of the features I added to HIBP very early on was the ability to subscribe to notifications. This is a free service that sends you an email if your account pops up in a data breach.