Troy Hunt
Pluralsight, HIBP, Microsoft
Troy Hunt is an independent security trainer, speaker and Microsoft Regional Director (an honorary role).

He’s also the founder of the data breach monitoring and notification service, Have I Been Pwned (HIBP). The service aggregates exposed data and makes it searchable by impacted consumers and organisations so that they can assess their exposure and better protect their online assets. HIBP is also used by governments and law enforcement agencies the world over and has led Troy to testify before US Congress on the impact of data breaches on knowledge-based authentication.

The Data Breach Pipeline: How Our Data is Stolen, Distributed and Abused
Technical Level (3 being the highest score): 2

It’s no longer a question of whether your personal data has been breached, rather a question of how many times. How much of it. What personal damage has been done as a result. What this means for organisations defending against attackers is that they’re increasingly facing a reality where adversaries are well-equipped with troves of data on their targets. Identity verification becomes exponentially more difficult when the attacker presents themselves complete with the victim’s password and answers to security questions.

This talk delves into the data breach pipeline based on my experiences running Have I Been Pwned (HIBP), a data breach monitoring service that’s accumulated over 6 billion records. It begins by looking at the attack vectors which are leading to the breaches, many of which are very well understood yet still persistent, whilst others are more a reflection of the modern dependency on cloud services. From there, we see how our data propagates once breached and spreads rapidly amongst the communities that seek to exploit it. Eventually, that’s what inevitably happens to our data – it’s exploited for the gain of the attacker and to the detriment of the victims.

Understanding the data breach pipeline helps organisations defend against the adversaries who seek to target them. The data breach itself is often only the beginning; it’s the information gained in that exercise which then threatens every other online service. This talk not only discusses the problems we’re facing and how they stem from data breaches, but also presents solutions for those attempting to protect their organisation and their customers from the subsequent damage that data breaches are doing.

Presentation video can be found HERE