I spend a lot of time looking at data breaches as a result of running the service Have I been pwned? (HIBP). Inevitably this means frequently coming into contact with people from the shadier side of the web, those lurking in the shadows and communicating from beyond the veil of online anonymity. Sometimes they’re the perpetrators of online attacks, but often they’re merely individuals who frequent the same communities.
Just last week I published a long piece on the 000webhost hack which focused on my futile attempts to ethically disclose a serious data breach. That in itself was an interesting (albeit somewhat depressing) commentary on our industry, but it was what I discovered about how breached data is being redistributed that really alarmed me. It’s being extensively sold and traded and, worse still, it’s frequently kids behind it.