Folgen

  • LinkedIn: 700 Million Profiles and the Password Recycling Economy
    Jul 3 2026

    Six and a half million LinkedIn passwords leaked in 2012. The real number was 167 million — and nobody knew for four years.

    This episode is the full anatomy of the LinkedIn breach: how an attacker turned one employee's personal side-project into a full corporate network compromise, why the decision not to "salt" its password hashes turned a contained incident into a catastrophe, and how a single stolen database seeded a decade of credential-stuffing attacks against unrelated platforms.

    We walk through how the intrusion actually happened (and why the widely-reported SQL injection explanation was wrong), what password hashing is and why salting matters, why 160 million accounts were left crackable for four years, and the one password habit that connects the entire story to you.

    Zero Day Logs is a documentary series on the security failures that shaped the internet.

    Mehr anzeigen Weniger anzeigen
    20 Min.
  • Home Depot: 56 Million Cards, One Vendor Password
    Jun 26 2026

    In 2014, attackers walked into Home Depot's network with a password stolen from a third-party vendor — and walked out with 56 million payment cards. The tool they used to move around inside was a genuine zero-day, the kind of flaw nation-states pay millions for. The harder part to explain is everything that was already wrong when they arrived: no multi-factor authentication, antivirus seven years out of date, the dedicated firewall switched off, and the card data moving in plain text. This episode walks through how the breach actually worked — and why the warnings that could have stopped it had already been sent, twice.

    (0:00) Intro
    (1:03) Home Depot and the payment rails
    (2:03) The way in: a vendor password
    (4:25) What a zero-day actually is
    (5:20) 7,500 registers and a watcher in memory
    (8:15) Five months of dwell time
    (9:55) How the banks found it first
    (11:23) Disclosure, response, and the bill
    (12:54) What was waiting: the warnings ignored
    (16:08) Defenses from the year of the iPhone
    (19:34) Chip-and-PIN, a CISO, and the unnamed
    (21:06) The distance between a warning and a check

    Free one-page technical breakdown PDF: zerodaylogs.com
    Sources are listed on the episode page at zerodaylogs.com.

    Mehr anzeigen Weniger anzeigen
    22 Min.
  • Pearson: The Patch That Sat Unapplied Six Months
    Jun 19 2026

    A critical security patch sat unapplied on a Pearson education platform for six months. By the time it was found, data on roughly 11.5 million student records across some 13,000 schools and universities had been taken — and Pearson described the breach to investors as a "hypothetical" risk. The SEC disagreed.

    This is the story of the distance between knowing and acting: a documented flaw, an available fix, and the gap in between.

    Chapters:
    (0:00) The Call From the FBI
    (1:14) Pearson and AIMSweb
    (2:38) What Remote Code Execution Means
    (3:40) The Patch That Was Never Applied
    (5:14) Inside the Breach
    (8:52) Four Months, Undetected
    (10:30) What "Material" Means to the SEC
    (12:01) The Notification Letters
    (13:07) "A Hypothetical Risk"
    (14:55) The Decade-Long Campaign
    (16:54) The SEC Charge
    (18:42) Knowing vs. Acting
    (19:22) Takeaways

    Free one-page technical breakdown: https://zerodaylogs.com
    Watch the full video version on YouTube: [video URL]

    Sources: SEC enforcement order (2021); DOJ indictment (2020); UK ICO penalty notice; Pearson Form 6-K (2019); state AG notifications.

    Mehr anzeigen Weniger anzeigen
    20 Min.
  • How Uber Hid a Breach of 57 Million People
    Jun 12 2026

    On November 14, 2016, two hackers told Uber they had the personal records of
    57 million users and drivers. What Uber did next wasn't a breach response — it
    was a cover-up: a $100,000 payment disguised as a bug-bounty reward, false NDAs,
    and a year of silence while a binding FTC order required disclosure. The breach
    itself was fixable. The concealment became the first criminal conviction of a
    chief security officer.

    (0:00) The hackers make contact
    (0:40) The break-in: reused passwords to 57M records
    (6:45) Disguising the ransom as a bug bounty
    (10:40) The FTC order that made silence a crime
    (13:27) The first criminal conviction of a CSO
    (17:05) The four controls that were missing

    Free one-page technical breakdown (timeline, attack path, the four missing
    controls): https://zerodaylogs.com

    Sources: U.S. FTC enforcement action and expanded consent decree; New York
    Attorney General settlement; U.S. DOJ charging documents and trial record,
    United States v. Sullivan; U.S. SEC filings.

    Zero Day Logs — the real anatomy of security breaches. Measured, sourced,
    no hype. https://zerodaylogs.com

    Mehr anzeigen Weniger anzeigen
    20 Min.
  • Yahoo: 3 Billion Accounts, Four Years Hidden
    Jun 5 2026

    Three billion user accounts. Two separate breaches. Four FSB-directed operatives. And nearly two years of silence between what Yahoo's security team knew and what the public was told.

    This episode traces the full operation from the spear phishing campaign that opened the door, through the forged authentication cookies that bypassed every login screen, to the SEC enforcement action that established a new category of regulatory risk: the failure to disclose a known breach.

    Chapters:
    0:00 — 3 Billion
    1:47 — The Spear Phishing Campaign
    3:26 — Inside Yahoo's Network
    5:39 — The Stolen Database
    7:28 — The Account Management Tool
    9:14 — The Hybrid Model: State + Criminal
    11:03 — The Silence
    13:23 — The Disclosures
    15:23 — The SEC Enforcement
    17:14 — The Indictment
    17:58 — Aftermath
    18:20 — The Pattern

    Sources: DOJ indictment (United States v. Dokuchaev et al.), SEC enforcement order (Altaba Inc.), Yahoo SEC filings, Verizon acquisition disclosures.

    Full technical breakdown and free PDF summary at zerodaylogs.com.

    Mehr anzeigen Weniger anzeigen
    20 Min.
  • Colonial Pipeline: From Legacy VPN to Bitcoin Seizure — The Complete Breakdown
    May 29 2026

    One leaked password. No multi-factor authentication. Nine days undetected.

    In May 2021, a compromised VPN credential — found on the dark web, tied to a former employee's account, protected by nothing more than a single password — gave DarkSide ransomware operators access to Colonial Pipeline's IT network. What followed: 100 gigabytes of stolen data, encrypted systems, a $4.4 million Bitcoin ransom, a six-day shutdown of 5,500 miles of fuel infrastructure, and a DOJ operation that clawed back 63.7 of the 75 Bitcoin using a method that remains partially redacted from the public record.

    This episode traces the complete chain: the entry vector, the nine-day dwell time, the franchise model behind DarkSide, the IT/OT boundary decision that shut down physically intact infrastructure, the ransom payment calculus, and the regulatory reckoning that followed.

    Primary sources: Senate testimony, CISA advisory, FBI seizure affidavit, GAO report.

    Free PDF breakdown: https://zerodaylogs.com


    00:00 — The Escalation
    01:30 — Introduction
    01:35 — What Is a VPN?
    02:39 — The Forgotten Door
    03:34 — One Password, No Second Factor
    04:40 — DarkSide: Ransomware-as-a-Service
    05:39 — Anatomy of the Attack
    07:29 — 100 Gigabytes Out the Door
    08:34 — Two Buildings, One Boundary
    11:12 — Seventy Minutes
    11:44 — The Shutdown Decision
    13:08 — The $4.4 Million Question
    14:02 — The Vault
    15:10 — The DOJ Strikes Back
    15:54 — Three Missing Controls
    17:55 — Eleven Years Without an Update
    18:21 — The Aftermath

    Mehr anzeigen Weniger anzeigen
    20 Min.
  • Target — Certified Compliant, Breached Eight Weeks Later
    May 22 2026

    On September 20, 2013, Target Corporation was certified compliant with the Payment Card Industry Data Security Standard. Eight weeks later, malware was running on nearly every cash register in the company's 1,793 stores.

    This episode traces the full attack path — from a stolen HVAC contractor password to 40 million compromised payment cards — and examines why every control that could have stopped the breach already existed in published security guidance years before it happened.

    We cover: the Fazio Mechanical entry point, the network segmentation gap, how BlackPOS exploited the moment card data exists as plaintext in RAM, why FireEye's alerts went unacknowledged for 12 days, the exfiltration architecture that moved stolen data through three countries during peak shopping hours, and the compliance paradox at the center of it all.

    Full technical breakdown: zerodaylogs.com

    Primary sources: U.S. Senate Commerce Committee "Kill Chain" analysis, Target SEC filings, multistate AG settlement, NIST and PCI-DSS standards.

    Mehr anzeigen Weniger anzeigen
    27 Min.
  • How Equifax Lost 147 Million Social Security Numbers
    May 15 2026

    A critical vulnerability was disclosed. A patch was released the same day. Equifax was warned directly. The patch was never applied. Two months later, attackers walked through the door — and spent seventy-six days inside a system holding 147 million Social Security numbers. Episode 5 covers the full 2017 Equifax breach — the Apache Struts vulnerability, the scanner that missed, the certificate that was blind for over a year, the breach response that made everything worse, and the PLA indictment that revealed what the stolen data was really for.

    0:00 — Introduction
    0:42 — What Is Equifax
    1:17 — The Data You Never Chose to Give
    1:42 — Growth vs. Security
    2:05 — ACIS: A 1970s System on the Public Internet
    2:25 — CVE-2017-5638: The OGNL Injection
    4:19 — The Missed Scan
    5:37 — The Honour System
    6:16 — CEO vs. Committee
    6:37 — May 13th: The Door Opens
    7:13 — No Walls: Lateral Movement
    8:20 — The Harvest: 147 Million Records
    9:31 — The Expired Certificate
    10:45 — Found by Accident
    11:09 — The Response Timeline
    12:35 — The Response That Made Everything Worse
    13:52 — Insider Trading
    14:28 — Executive Departures
    14:52 — The Settlement
    15:34 — PLA Attribution
    16:23 — The Intelligence Mosaic
    17:05 — Entirely Preventable
    17:47 — Closing

    Full technical breakdown: zerodaylogs.com

    Mehr anzeigen Weniger anzeigen
    18 Min.