Presently sponsored by: SentinelOne: Our agentless Offensive Security Engine automates red-teaming, without the false positives. This blog shows how.

When is a breach a breach? If it's been breached then re-breached, is the second incident still a breach? Here's what the masses said when I asked if they'd want to know when something like this happened to their data:

If you're in a breach and your data is aggregated by a third party, then *they* have a breach that discloses your data (again), would you want to know? Should this constitute a notifiable breach?

— Troy Hunt (@troyhunt) August 5, 2024

And what if that second incident wasn't a breach per se, but rather a legitimate service being abused to locate where the re-breached data was? That seems to be the situation with SOCRadar, but regardless of the precise mechanics, there's now another 282M breached records in HIBP. Full story in this week's video:

References

1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
2. After two Microsoft mouse failures, I've jumped on the Logitech MX Master 3S (having used it a lot more in the last day and half since recording, I'm loving this!)
3. ShoeZone got a little bit breached (only 46k uniuqe email addresses makes it quite small in the broader scheme of things)
4. SOCRadar says "no breach" (well, it's a bit more nuanced than that, have a listen and see what you think)