KrebsOnSecurity celebrates its 14th year of existence today! I promised myself this post wouldn’t devolve into yet another Cybersecurity Year in Review. Nor do I wish to hold forth about whatever cyber horrors may await us in 2024. But I do want to thank you all for your continued readership, encouragement and support, without which I could not do what I do.
As of this birthday, I’ve officially been an independent investigative journalist for longer than I was a reporter for The Washington Post (1995-2009). Of course, not if you count the many years I worked as a paperboy schlepping The Washington Post to dozens of homes in Springfield, Va. (as a young teen, I inherited a largish paper route handed down from my elder siblings).
True story: At the time I was hired as a lowly copy aide by The Washington Post, all new hires — everyone from the mailroom and janitors on up to the executives — were invited to a formal dinner in the Executive Suite with the publisher Don Graham. On the evening of my new hires dinner, I was feeling underdressed, undershowered and out of place. After wolfing down some food, I tried to slink away to the elevator with another copy aide, but was pulled aside by the guy who hired me. “Hey Brian, not so fast! Come over and meet Don!”
I was 23 years old, and I had no clue what to say except to tell him that paper route story, and that I’d already been working for him for half my life. Mr. Graham laughed and told me that was the best thing he’d heard all day. Which of course made my week, and made me feel more at ease among the suits.
I remain grateful to WaPo for instilling many skills, such as how to distill technobabble into plain English for a general audience. And how to make people the focus of highly technical stories. Because people — and their eternal struggles — are imminently relatable, regardless of whether one has a full grasp of the technical details.
Words fail me when trying to describe how grateful I am that this whole independent reporter thing still works, financially and otherwise. I mostly just keep my head down researching stuff and sharing what I find, and somehow loads of people keep coming back to the site. As I like to say, I hope they let me keep doing this, because I’m certainly unqualified to do much else!
Another milestone of sorts: We’ve now amassed more than 52,000 subscribers to our email newsletter, which is a fancy term for a plain text email that goes out immediately whenever a new story is published here. Subscribing is free, we never share anyone’s email address, and we don’t send emails other than new story notifications (2-3 per week).
A friendly reminder that while you may see ads (or spaces where ads otherwise would be) at the top of this website, all two-dozen or so ad creatives we run are vetted by me and served in-house. Nor does this website host any third-party content. If you regularly browse the web with an ad blocker turned on, please consider adding an exception for KrebsOnSecurity.com. Our advertising partners are how we keep the lights on over here.
And in case you missed any of them, here are some of the most-read stories published by KrebsOnSecurity in 2023. Happy 2024 everyone!
Ten Years Later, New Clues in the Target Breach
It’s Still Easy for Anyone to Become You at Experian
Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach
Why is .US Being Used to Phish So Many of US?
Few Fortune 100 Firms List Security Pros in Their Executive Ranks
Who’s Behind the Domain Networks Snail Mail Scam?
Phishing Domains Tanked After Meta Sued Freenom
Many Public Salesforce Sites are Leaking Private Data
Hackers Claim They Breached T-Mobile More Than 100 Times in 2022
Identity Thieves Bypassed Experian Security to View Credit Reports
Dear Brian: Congratulations on being an independent beacon in the cybersecurity world for the last 14 years! I have been a fan of yours since the WaPo days. Then, your column was a “must read” for me. I even wrote to you with a question and your response was kind and thorough. I never forgot that!
Now, I’m retired, but I volunteer for AARP as a fraud expert. I rely on your newsletter to stay informed about cyber threats and, more importantly, what “normals” can do to protect themselves from these threats and the criminals who perpetrate them. We are fortunate that you continue to shine a light into the dark corners of cybercrime and Cyber Negligence (looking at you, Equifax, TransUnion and Experian). Thank you so much for all you do and Please Continue! Here’s to the next 14!!
Sincerely, K. D. Morgan
Keep up the good work. I have to look at your reporting everyday, because your reporting is a very reliable and many times prescient presentations of the other world. Thank you.
Congratulations on another year of shining a light on dark places. I enjoyed your paperboy roots (pun intended) story.
Thank you!
Congratulations, Brian! Love the blog. The comments tool could use improvement, imho.
Dear Brian,
Congratulations on a new milestone!
It’s been a pleasure to have been a subscriber for so many years; I’ve learned a lot and certainly upped the security game for self, family and friends, and for that I’m grateful!
As suggested I’ve just confirmed KOS is white listed in my adblocker.
Wishing you many more productive and interesting years!
Robert
Krebs I love you, you long fivehead son of a gun. 😀
Thank you sir. Happy New Year!
Congratulations on 14 years! While not familiar with your writing during your WaPo days, I have been a regular reader of KoS since early 2010 and also have a signed copy of Spam Nation (fascinating read). I remember accidentally seeing you on TV once and exclaimed to everyone, “I know that guy!” Thank you for your informative (and often entertaining!) posts and bringing to light important cybersecurity topics while educating the masses how to better protect themselves from the bad guys.
There aren’t many sites I can turn to for in-depth reporting of the sort you provide. I hope you can continue your work for a long time.
Keep up the outstanding work!
Brian,
Thank you so much for all of your work throughout the years, as well as dealing with the blowback for being such a great investigative reporter. I’m an old Security Fix reader who still hits your site every morning to see what’s new. I could blow smoke up any orifice, but the best compliment I have came from a speaker at DEFCON years ago. He said something to the effect of, “If you ever pick up your office phone and the voice on the other end of the line is Brian Krebs, just go pack a box.”
Thank you again, Brian. The contributions you’ve made to this industry are invaluable. Please, keep up the great work!
Greg
Nice work!
As the saying goes, thank you for your service to all of us, Brian.
And I may be retired, but I still read it daily, and I’m still pointing people to it.
Great site! Thank you for continuing to do this!
Thanks not for just all the hard work/research, great stories, educational material and entertainment.
Thank you for being a positive influence in a dark area tech. You encourage others to do research and be informed. Which may be your best overall contribution to IT.
Brian, thank you for the work you do.
Just read your article “Ten Years Later, New Clues in the Target Breach” – quite a trail that led to the identity of the hackers – an entertaining story, particularly re the leaked cookie. Underlining the fact that cyber criminals are bad at cyber security, and that, of course, on the internet, identities are almost impossible to keep secret.
Loved that fact that one of the Target hackers changed his name to Lenin! And then started selling Roubles with Lenin on them! Extraordinary.
Been reading you since prior to you leaving WaPo by a few years. Congrats, and keep up the good work!
Brian – Thanks for shepherding this I.T. admin, and thousands like me, through the hacker minefields all these years. We are forever in your debt. Keep up the good work. Here’s to many more years in the fight!
Thank you for your service.
Funny. I started reading your Blog around 14 years ago. I had just started my career in InfoSec and eventually landed a SOC gig. Your straight-forward and easy to understand articles helped me catch up to speed on the state of security. At that time Zeus botnet was hot, and later the leaking of its source code was all the rage. I found this blog to be invaluable. I still direct newbies here to help shape up their knowledge.
I started reading your work back in your Washington Post days, and continue to enjoy it. I’m not in the IT business, and I’m not an IT hobbyist, but I still get a lot out of KrebsOnSecurity. Thanks for your great work, Brian.
Happy anniversary Brian. Your ability to do, as you describe, distill the techno-babel into plainspeak really helped raise the understanding of just how dark the network is to those who may not have the bandwidth to unravel all of the components involved. it helps my mgmt. immeasurably.
…and it’s fun reading!
Hi Brian,
This has been one of my read daily sites for most of your time doing this. It was a revelation when found. Having followed it so long has been definitely educational for some things hidden in normal media.
Oh, it is time for yet again a new photo, don’t you think. A new one every seven years or so? Just a though.
Cheers
I found your posts shortly after you went independent and enjoyed them, as you say, to understand the techno-babble and to get a clue as to what may be coming at my organization in my position as an auditor for a public pension fund. I have continued to read your posts 10 years into retirement to get a feel for what cyber-slobs and cyber-crooks are up to. Thanks for your work!
Dang. First time I come here, and I find out the founder is from the same place I grew up! Small world… Now time for me to read up on security!
Congrats on a well-earned 14 years–may the years continue! Will never forget being gobsmacked when the WaPo turned you loose, and am still grateful for the early heads up on the Target breach.
Regarding advertising, does KOS have a position on 1) blocking third party cookies, and 2) using Privacy Badger. Many websites leave messages about adblockers when my machine only has one dedicated adblock for a very famous video website–I assume the messages are about third party blocking and PB. With those installed, I can currently see two ads @ KOS.
Congrats on 14 years! Your site is officially old enough to start simswapping and stealing bitcoin to impress kids on Roblox!
you are doing a great job of delivering important security information.. I appreciate your hard work .. Can you please do a pice of website hackers ?
Woohoo, Brian! You’ve been my go-to, reputable source for uncompromising, exceedingly vetted and detailed reporting on cybercrime today. Almost when you first began, my co-workers and I were victims of a card-skimming operation by the gas station across the street from our building (a major news network), after which I later stumbled onto your site. I walked into the local branch of my bank, and when I entered, the branch manager immediately said, “They took $600, right?” Dozens of newsroom employees were compromised. Your spot-on reporting on the Home Depot and Target breaches has been unparalleled. Since then, I’ve seen you on national news programs, in print, and of course, right here on your site. Congrats on your continued success!