adam-p / breached

Indicates if the current website has been breached in the past. Uses haveibeenpwned.com
MIT License

Generate extension updates to update databases #2

Closed Madis0 closed 6 years ago

Madis0 commented 6 years ago

About a week ago I got an email notification for a site breach from HIBP. However, this extension still doesn't show the icon on that site.

So, my suggestion is: if the checks are local, perhaps you should make a batch file or program to generate new versions of this extension - for example every two weeks? That would preserve privacy while keeping the extension useful.

Madis0 commented 6 years ago

I now checked the code to see that that is not how this works.

Maybe there is a problem with parsing the JSON or checking for its updates?

adam-p commented 6 years ago

Can you check this: https://haveibeenpwned.com/api/v2/breaches ...to make sure the site in question is there?

I just stepped through the code, and the update seems fine. (I could be missing something, of course.)

Madis0 commented 6 years ago

Okay, I read the JSON again and now noticed that the breach does not have a "domain" value, even though it describes which sites it affects.

On further inspection, there are currently 9 breaches in total that don't have a "domain" value. The reason is either:

For the latter, maybe the extension could make an exception and manually "insert" all the domains it affects? Might be annoying to maintain, but extremely useful and relevant to users.

adam-p commented 6 years ago

I can't think of a clean way to handle this. Scraping links out of the description can't be the right choice, since most links are to info about the breach. So... manually map a breach Name to domain(s)? I think that's the only way.

Do you have a better suggestion?

For reference's sake, here are the current domain-less items:

{
  "Title": "Anti Public Combo List",
  "Name": "AntiPublic",
  "Domain": "",
  "BreachDate": "2016-12-16",
  "AddedDate": "2017-05-04T22:07:38Z",
  "ModifiedDate": "2017-05-04T22:07:38Z",
  "PwnCount": 457962538,
  "Description": "In December 2016, a huge list of email address and password pairs appeared in a &quot;combo list&quot; referred to as &quot;Anti Public&quot;. The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for &quot;credential stuffing&quot;, that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read <a href=\"https://www.troyhunt.com/password-reuse-credential-stuffing-and-another-1-billion-records-in-have-i-been-pwned\" target=\"_blank\" rel=\"noopener\">Password reuse, credential stuffing and another billion records in Have I been pwned</a>.",
  "DataClasses": ["Email addresses", "Passwords"],
  "IsVerified": false,
  "IsFabricated": false,
  "IsSensitive": false,
  "IsActive": true,
  "IsRetired": false,
  "IsSpamList": false,
  "LogoType": "svg"
}, 
{
  "Title": "B2B USA Businesses",
  "Name": "B2BUSABusinesses",
  "Domain": "",
  "BreachDate": "2017-07-18",
  "AddedDate": "2017-07-18T07:38:04Z",
  "ModifiedDate": "2017-07-18T07:38:04Z",
  "PwnCount": 105059554,
  "Description": "In mid-2017, a spam list of over 105 million individuals in corporate America was discovered online. Referred to as &quot;B2B USA Businesses&quot;, the list categorised email addresses by employer, providing information on individuals' job titles plus their work phone numbers and physical addresses. <a href=\"https://www.troyhunt.com/have-i-been-pwned-and-spam-lists-of-personal-information\" target=\"_blank\" rel=\"noopener\">Read more about spam lists in HIBP.</a>",
  "DataClasses": ["Email addresses", "Employers", "Job titles", "Names", "Phone numbers", "Physical addresses"],
  "IsVerified": true,
  "IsFabricated": false,
  "IsSensitive": false,
  "IsActive": true,
  "IsRetired": false,
  "IsSpamList": true,
  "LogoType": "png"
}, 
{
  "Title": "Coupon Mom / Armor Games",
  "Name": "CouponMomAndArmorGames",
  "Domain": "",
  "BreachDate": "2014-02-08",
  "AddedDate": "2017-11-09T23:46:52Z",
  "ModifiedDate": "2017-11-09T23:46:52Z",
  "PwnCount": 11010525,
  "Description": "In 2014, a file allegedly containing data hacked from <a href=\"https://www.couponmom.com\" target=\"_blank\" rel=\"noopener\">Coupon Mom</a> was created and included 11 million email addresses and plain text passwords. On further investigation, the file was also found to contain data indicating it had been sourced from <a href=\"https://armorgames.com\" target=\"_blank\" rel=\"noopener\">Armor Games</a>. Subsequent verification with HIBP subscribers confirmed the passwords had previously been used and many subscribers had used either Coupon Mom or Armor Games in the past. On disclosure to both organisations, each found that the data did not represent their entire customer base and possibly includes records from other sources with common subscribers. The breach has subsequently been flagged as &quot;unverified&quot; as the source cannot be emphatically proven.",
  "DataClasses": ["Email addresses", "Passwords"],
  "IsVerified": false,
  "IsFabricated": false,
  "IsSensitive": false,
  "IsActive": true,
  "IsRetired": false,
  "IsSpamList": false,
  "LogoType": "png"
}, 
{
  "Title": "CrimeAgency vBulletin Hacks",
  "Name": "CrimeAgencyVBulletin",
  "Domain": "",
  "BreachDate": "2017-01-19",
  "AddedDate": "2017-03-21T03:12:40Z",
  "ModifiedDate": "2017-03-21T03:12:40Z",
  "PwnCount": 942044,
  "Description": "In January 2016, <a href=\"http://news.softpedia.com/news/vbulletin-hack-exposes-820-000-accounts-from-126-forums-513416.shtml\" target=\"_blank\" rel=\"noopener\">a large number of unpatched vBulletin forums were compromised by an actor known as &quot;CrimeAgency&quot;</a>. A total of 140 forums had data including usernames, email addresses and passwords (predominantly stored as salted MD5 hashes), extracted and then distributed. Refer to <a href=\"https://troyhunt.com/i-just-added-another-140-data-breaches-to-have-i-been-pwned\" target=\"_blank\" rel=\"noopener\">the complete list of the forums</a> for further information on which sites were impacted.",
  "DataClasses": ["Email addresses", "Passwords", "Usernames"],
  "IsVerified": true,
  "IsFabricated": false,
  "IsSensitive": true,
  "IsActive": true,
  "IsRetired": false,
  "IsSpamList": false,
  "LogoType": "svg"
}, 
{
  "Title": "Data Enrichment Records",
  "Name": "DataEnrichment",
  "Domain": "",
  "BreachDate": "2016-12-23",
  "AddedDate": "2017-06-08T16:23:07Z",
  "ModifiedDate": "2017-06-08T16:23:07Z",
  "PwnCount": 8176132,
  "Description": "In December 2016, <a href=\"http://www.csoonline.com/article/3149713/security/data-enrichment-records-for-200-million-people-up-for-sale-on-the-darknet.html\" target=\"_blank\" rel=\"noopener\">more than 200 million &quot;data enrichment profiles&quot; were found for sale on the darknet</a>. The seller claimed the data was sourced from Experian and whilst that claim was rejected by the company, the data itself was found to be legitimate suggesting it may have been sourced from other legitimate locations. In total, there were more than 8 million unique email addresses in the data which also contained a raft of other personal attributes including credit ratings, home ownership status, family structure and other fields described in the story linked to above. The email addresses alone were provided to HIBP.",
  "DataClasses": ["Buying preferences", "Charitable donations", "Credit status information", "Dates of birth", "Email addresses", "Family structure", "Financial investments", "Home ownership statuses", "Income levels", "Job titles", "Marital statuses", "Names", "Net worths", "Phone numbers", "Physical addresses", "Political donations"],
  "IsVerified": false,
  "IsFabricated": false,
  "IsSensitive": false,
  "IsActive": true,
  "IsRetired": false,
  "IsSpamList": false,
  "LogoType": "svg"
}, 
{
  "Title": "Exploit.In",
  "Name": "ExploitIn",
  "Domain": "",
  "BreachDate": "2016-10-13",
  "AddedDate": "2017-05-06T07:03:18Z",
  "ModifiedDate": "2017-05-06T07:03:18Z",
  "PwnCount": 593427119,
  "Description": "In late 2016, a huge list of email address and password pairs appeared in a &quot;combo list&quot; referred to as &quot;Exploit.In&quot;. The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for &quot;credential stuffing&quot;, that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read <a href=\"https://www.troyhunt.com/password-reuse-credential-stuffing-and-another-1-billion-records-in-have-i-been-pwned\" target=\"_blank\" rel=\"noopener\">Password reuse, credential stuffing and another billion records in Have I been pwned</a>.",
  "DataClasses": ["Email addresses", "Passwords"],
  "IsVerified": false,
  "IsFabricated": false,
  "IsSensitive": false,
  "IsActive": true,
  "IsRetired": false,
  "IsSpamList": false,
  "LogoType": "svg"
}, 
{
  "Title": "Exposed VINs",
  "Name": "VINs",
  "Domain": "",
  "BreachDate": "2017-06-05",
  "AddedDate": "2017-06-09T05:35:19Z",
  "ModifiedDate": "2017-06-09T05:35:19Z",
  "PwnCount": 396650,
  "Description": "In June 2017, <a href=\"https://www.bleepingcomputer.com/news/security/car-thieves-everywhere-rejoice-as-unsecured-database-exposes-10-million-car-vins/\" target=\"_blank\" rel=\"noopener\">an unsecured database with more than 10 million VINs (vehicle identification numbers) was discovered by researchers</a>. Believed to be sourced from US car dealerships, the data included a raft of personal information and vehicle data along with 397k unique email addresses.",
  "DataClasses": ["Dates of birth", "Email addresses", "Family structure", "Genders", "Names", "Phone numbers", "Physical addresses", "Vehicle details"],
  "IsVerified": false,
  "IsFabricated": false,
  "IsSensitive": false,
  "IsActive": true,
  "IsRetired": false,
  "IsSpamList": false,
  "LogoType": "svg"
}, 
{
  "Title": "Master Deeds",
  "Name": "MasterDeeds",
  "Domain": "",
  "BreachDate": "2017-03-14",
  "AddedDate": "2017-10-18T11:01:46Z",
  "ModifiedDate": "2017-10-18T11:03:37Z",
  "PwnCount": 2257930,
  "Description": "In March 2017, a 27GB database backup file named \"Master Deeds\" was sent to HIBP by a supporter of the project. Upon detailed analysis later that year, the file was found to contain the personal data of tens of millions of living and deceased South African residents. The data included extensive personal attributes such as names, addresses, ethnicities, genders, birth dates, government issued personal identification numbers and 2.2 million email addresses. At the time of publishing, <a href=\"https://www.iafrikan.com/2017/10/18/dracore-data-sciences/\" target=\"_blank\" rel=\"noopener\">it's alleged the data was sourced from Dracore Data Sciences</a> (Dracore is yet to publicly confirm or deny the data was sourced from their systems). On 18 October 2017, the file was found to have been published to a publicly accessible web server where it was located at the root of an IP address with directory listing enabled. The file was dated 8 April 2015.",
  "DataClasses": ["Dates of birth", "Deceased statuses", "Email addresses", "Employers", "Ethnicities", "Genders", "Government issued IDs", "Home ownership statuses", "Job titles", "Names", "Nationalities", "Phone numbers", "Physical addresses"],
  "IsVerified": true,
  "IsFabricated": false,
  "IsSensitive": false,
  "IsActive": true,
  "IsRetired": false,
  "IsSpamList": false,
  "LogoType": "svg"
}, 
{
  "Title": "Onliner Spambot",
  "Name": "OnlinerSpambot",
  "Domain": "",
  "BreachDate": "2017-08-28",
  "AddedDate": "2017-08-29T19:25:56Z",
  "ModifiedDate": "2017-08-29T19:25:56Z",
  "PwnCount": 711477622,
  "Description": "In August 2017, a spambot by the name of <a href=\"https://benkowlab.blogspot.com.au/2017/08/from-onliner-spambot-to-millions-of.html\" target=\"_blank\" rel=\"noopener\">Onliner Spambot was identified by security researcher Benkow moʞuƎq</a>. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled <a href=\"https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump\" target=\"_blank\" rel=\"noopener\">Inside the Massive 711 Million Record Onliner Spambot Dump</a>.",
  "DataClasses": ["Email addresses", "Passwords"],
  "IsVerified": true,
  "IsFabricated": false,
  "IsSensitive": false,
  "IsActive": true,
  "IsRetired": false,
  "IsSpamList": true,
  "LogoType": "png"
}, 
{
  "Title": "Anti Public Combo List",
  "Name": "AntiPublic",
  "Domain": "",
  "BreachDate": "2016-12-16",
  "AddedDate": "2017-05-04T22:07:38Z",
  "ModifiedDate": "2017-05-04T22:07:38Z",
  "PwnCount": 457962538,
  "Description": "In December 2016, a huge list of email address and password pairs appeared in a &quot;combo list&quot; referred to as &quot;Anti Public&quot;. The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for &quot;credential stuffing&quot;, that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read <a href=\"https://www.troyhunt.com/password-reuse-credential-stuffing-and-another-1-billion-records-in-have-i-been-pwned\" target=\"_blank\" rel=\"noopener\">Password reuse, credential stuffing and another billion records in Have I been pwned</a>.",
  "DataClasses": ["Email addresses", "Passwords"],
  "IsVerified": false,
  "IsFabricated": false,
  "IsSensitive": false,
  "IsActive": true,
  "IsRetired": false,
  "IsSpamList": false,
  "LogoType": "svg"
}

Madis0 commented 6 years ago

> So... manually map a breach Name to domain(s)? I think that's the only way.

Yeah, I also think it is the only way, for now. Though you could also ask the owner of HIBP to provide domains as an array; it can also be useful to others who are using this API.

adam-p commented 6 years ago

Done. I'll put out a new release today.

@Madis0, you might want to check that I've addressed your, uh, domain of concern: 5fefa771818b2174f690dac4e670fcdddd2330eb. If not, reply here or email me (it's on https://github.com/adam-p).
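The manual Name-to-domain mapping agreed on in this thread, sketched as an added example (not the code from the commit referenced above and not the extension's own). `MANUAL_DOMAINS`, `SAMPLE_BREACHES`, `buildIndex` and `breachesForHost` are hypothetical names, the sample records are constructed, and the CrimeAgency domains are placeholders.

```javascript
// Added example, not the extension's code. All names here are hypothetical.
// Manual overrides for breaches whose "Domain" is empty, keyed by breach "Name".
const MANUAL_DOMAINS = new Map([
  // Both sites are linked from this breach's Description in the thread above.
  ['CouponMomAndArmorGames', ['couponmom.com', 'armorgames.com']],
  // Placeholder domains: the real forum list is not reproduced on this page.
  ['CrimeAgencyVBulletin', ['forum-one.example', 'forum-two.example']],
]);

// Constructed sample: records from the thread cut down to two fields, plus
// one made-up record that does carry a Domain.
const SAMPLE_BREACHES = [
  { Name: 'AntiPublic', Domain: '' },
  { Name: 'CouponMomAndArmorGames', Domain: '' },
  { Name: 'CrimeAgencyVBulletin', Domain: '' },
  { Name: 'ExampleBreach', Domain: 'Example.com' },
];

const normalize = (d) => d.trim().toLowerCase().replace(/^www\./, '');

// Build domain -> [breach Name]; collect records that still map to no site
// so a new domain-less breach is noticed after a database update.
function buildIndex(breaches, manual = MANUAL_DOMAINS) {
  const index = new Map();
  const unmapped = [];
  for (const b of breaches) {
    const own = typeof b.Domain === 'string' && b.Domain.trim() ? [b.Domain] : [];
    const domains = own.length ? own : manual.get(b.Name) || [];
    if (domains.length === 0) unmapped.push(b.Name);
    for (const d of domains) {
      const key = normalize(d);
      const names = index.get(key) || [];
      if (!names.includes(b.Name)) names.push(b.Name);
      index.set(key, names);
    }
  }
  return { index, unmapped };
}

// Match the visited host and each parent domain, never the bare TLD.
function breachesForHost(index, hostname) {
  const labels = normalize(hostname).split('.');
  const hits = new Set();
  for (let i = 0; i < labels.length - 1; i++) {
    for (const name of index.get(labels.slice(i).join('.')) || []) hits.add(name);
  }
  return [...hits];
}
```

Records that end up in `unmapped` are either aggregate lists with no single source site or new domain-less breaches that need a table entry, which is the maintenance cost raised earlier in the thread.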

Madis0 commented 6 years ago

The "CrimeAgency vBulletin hacks" also has a list of domains you could include.

adam-p commented 6 years ago

How's this? cb8733703d3405550ef3c9dffd2bd96c29988278

Madis0 commented 6 years ago

Seems good.

adam-p commented 6 years ago

Release published.