There’s no better way to spend a lazy day than plugging your decade-old email address into Have I Been Pwned and watching the results populate.
Since its inception in 2013, Have I Been Pwned (HIBP) has served as a free online resource for individuals to verify if their information was compromised in a data breach, tracking more than 840 breaches on its platform.
The start. However, HIBP creator Troy Hunt told IT Brew that the beloved breach resource initially started out simply as a pet project for him to write more code during his time as a software architect at Pfizer.
“For me, it was sort of a way of scratching an itch that was a bit of fun and it was a hobby project that kind of got out of control,” Hunt said.
The infamous 2013 Adobe data breach—which exposed the information of about 38 million users—also served as a catalyst for the creation of the website after Hunt discovered both his personal and Pfizer email in the breach. Hunt told us that at the time, he couldn’t recall giving his data to Adobe, and realized that he instead gave it to Macromedia, which was acquired by the software giant in 2005.
“I thought that was quite interesting, the way our information ends up in completely different places,” Hunt said. “And if I’m surprised by this, maybe other people are, too.”
Hunt built the first version of HIBP during downtime on a work trip to the Philippines. He told IT Brew that the website’s distinctive name was the result of his struggle to find an available dot-com domain name at the time.
“Pwned is a pretty well-known term within the gaming community for when someone gets killed by an opponent and it sort of [feels] a little bit like that when you’re in a data breach,” he said.
Moving on up. It didn’t take long for Hunt’s website to rise in popularity after its launch.
“Very quickly, it got picked up by press, and not just tech press, but mainstream consumer press as well,” Hunt said. “And I guess one of the very early things that surprised me a lot was just how much traction it got in front of normal people, not just nerds like me.”
He added that the 2015 breach of “married dating” website Ashley Madison—which compromised the information of roughly 36 million individuals—helped the site gain further traction.
In the early days of HIBP, Hunt told us, he had to go out and find breach data to add to the site. However, over time, the data quickly started coming his way. Hunt told IT Brew that data for the website comes from a variety of sources, from security researchers to malicious actors to even law enforcement agencies.
“The FBI feeds data into the service,” Hunt said. “That’s not something I could have seen coming.”
The future of HIBP. These days, Hunt no longer operates as a one-man band and instead works closely with his wife, Charlotte, and Stefán Jökull Sigurðarson, who joined HIBP as a full-time employee last year. Hunt remains aware that he won’t be able to run the online resource forever and told IT Brew that he is continuing to focus on making the platform “resilient” for the future and for longevity beyond him.
“How do you transfer trust so that if people aren’t sending me the data, they’re happy to send HaveIBeenPwned the data?” Hunt said. “That’s certainly one of the things that keeps us awake at night a little bit.”