Phishing was used to compromise the owner of the well-known website Have I Been Pwned's personal blog
A website called Have I Been Pwned compiles information about online security breaches. You can, for instance, see if your password or email has been compromised, in which case you should take immediate action. Information about platforms impacted by cyberattacks, compromised databases, and more are visible. And now we are reporting something shocking: the person who made this page had their personal blog hacked.
Specifically, Troy Hunt, creator of the Have I Been Pwned website, was subjected to a phishing attack, a very common method of stealing data online. This resulted in the exposure of nearly 16,000 email addresses of his blog subscribers. We'll explain exactly what happened.
I was subjected to a type of attack we've talked about on numerous occasions: phishing. The victim shared her experience, hoping it would be helpful to others. Anyone can fall victim to attacks of this type due to negligence, even if they have knowledge and experience in the field of cybersecurity.
The email I received was supposedly from Mailchimp, an email marketing provider. It alerted me to suspicious activity and asked me to verify my account. It all seemed legitimate, but it was actually a scam, a scheme by hackers to steal data.
The attackers' objective was accomplished. The entire list of blog subscribers was exported by the cybercriminals after Troy Hunt fell for their trick. Approximately 16,000 email addresses in total. This leak, along with others, can be found on the front page of the Have I Been Pwned website.
To put it briefly, the Have I Been Pwned website's creator was compromised. In particular, the breach of thousands of subscribers' email addresses had an impact on his personal blog.