HaveIBeenPwned Gets FBI Help After Going Open-Source
Have I Been Pwned is one of the best-known – and totally free – online resources for checking whether your login credentials have been compromised in a security breach. Last month, the personal data of more than half a billion Facebook and LinkedIn users was dumped online. Unfortunately, I was one of the affected users, which I found out after checking the Have I Been Pwned database. Now this much-needed service is getting a major boost: it is becoming open source, and the FBI will contribute compromised credentials to its database.
Troy Hunt, who has been running the project as a company project for some time now, first revealed plans to open-source the Have I Been Pwned software last year. In an announcement post, Hunt revealed that he is making the entire codebase open source, which means anyone can contribute and make the service even more useful.
– Troy Hunt (@troyhunt) May 27, 2021
In taking the project open source, Hunt got a helping hand from the .NET Foundation – an independent, non-profit organization formed by Microsoft that aims to preserve the open source ecosystem and support software development.
“It’s now an important part of many online services and this evolution ensures that anyone can run their own instance of Pwned Passwords if they want to. Hopefully this will encourage greater adoption of the service both because of the transparency that openness of the codebase brings and the confidence that people can still ‘use theirs’ if they choose.”
– Troy Hunt
As part of the open-source transition, Have I Been Pwned uses GitHub to maintain two repositories: one for the Azure Function and one for the Cloudflare Worker. The plan includes an authenticated endpoint that will receive pairs of SHA-1 and NTLM password hashes to be added to its database.
And that’s where the FBI comes in. The intelligence agency will contribute its own share of compromised credentials to the Have I Been Pwned database, which makes it even more diverse and therefore much more useful to the average internet user like you and me.
Hunt, who is a well-known security expert and regional manager for Microsoft, also revealed that Have I Been Pwned is now used a billion times a month. Besides just checking your credentials, it also offers a notification service to let you know about a potential security incident in the future if you register your email address.