Early this month, on May 2 2026, IGN — a major videogame review and journalism site had their twitch account compromised in a credential leak. Late in the evening on May 2, a self-proclaimed “white-hat hacker” (leveraging leaked credentials is no longer white hat, don’t touch shit you don’t have permission to touch) utilized this leaked restream.io credential to stream on their twitch platform and “inform” the outlet that their credentials were leaked. If you’d like to read about it, I wrote about it here: IGN Twitch Hack: How Leaked Restream.io Credentials Hijacked a Major Media Channel on the Specops Software blog.

In light of… current events occuring south of Canada, I felt it was prudent to start doing more work on things like wireless mesh networking. As such, I wanted to work on getting my first Meshtastic (or meshcore, but we’ll do meshtastic for now) node setup to get some coverage for my neighbourhood.

It’s been a while! I got busy with a bunch of other work, so I haven’t been posting here lately. Going into the new year I hope to improve that, and try to do some streaming and video content as well. We’ll see how that goes; start the new year with a good cadence and make something happen.

I had a discussion yesterday with an acquaintance about some new infostealer leaks; I was talking about verifying whether the credentials are new or not (which was a silly thing to do, I should have known they weren’t in HIBP — for different reasons though) and I went to check if some of the passwords were contained in the HIBP corpus. The acquiantance asked something to the effect of, “why would you put the password into a web form, isn’t that leaking it further?”. This naturally reveals a common misconception regarding how breached password lookups typically work; both in HIBP itself, and competing commercial breached corpuses.

Breachforums, the infamous darkweb hacking and stolen data marketplace recently had another setback when its remaining primary administrators were arrested in France, shutting down yet another iteration of the marketplace. This closes another chapter in a site that has caused immeasurable damage to consumer and enterprise systems alike, facilitating the sale and trade of initial access, credentials, and leaked data.

Last week, a number of news outlets and organizations posted a story (which was then followed by ~ a retraction) of a darkweb password leak comprising 16B records. This immediately triggered a fervor around whether this was really a single leak, where it came from, who and how was exposed and so on – as always occurs around these things.