Have I Been Pwned

Creator and founder of HaveIBeenPwned.com Troy Hunt announced that the source code powering his database compromise site would be released to the public and that the site would receive compromised credentials in cooperation with the FBI.

HaveIBeenPwned.com, or HIBP, is a database of login credentials from recent data breaches and leaks and garners. Processing roughly a billion requests a month, the site is a free resource where anyone can find out if a specific email address, password or phone number has been compromised.

Pwned Passwords, the custom code developed by Hunt will now be supported in part by the .NET Foundation, an independent 501(c) non-profit organization providing services for projects running on Microsoft-based technology.

“[T]his move ensures that anybody can run their own Pwned Passwords instance if they so choose. My hope is that this encourages greater adoption of the service both due to the transparency that opening the code base brings with it,” wrote Hunt in a blog post on his website announcing the move.

No less significant is the HIBP’s newly announced cooperation with the FBI, which will share compromised passwords with HIBP.

“We are excited to be partnering with HIBP on this important project to protect victims of online credential theft. It is another example of how important public/private partnerships are in the fight against cybercrime,” said FBI Cyber Division Assistant Director Bryan Vorndran in a statement.

“It’s also my hope that the scope of this facility may expand in the future should other law enforcement agencies or organisations that come across compromised passwords wish to contribute,” wrote Hunt.

HIBP has also cooperated with the governments of Austria, Ireland, Norway, Switzerland, and Denmark in the past.

Hunt had announced that he was seeking to sell the service in 2019, but his plans to do so fell through less than a year later due to logistical difficulties, after which he announced that the site would continue to run independently.

To check to see if your credentials have been compromised, visit HIBP here.