
‘Have I Been Pwned’ Is Going Open Source – Providing Full Transparency & the Ability for Anyone to Contribute in the Future

Written by Novak Bozovic
Last updated August 8, 2020

One of the most useful cyber-security tools is, without any doubt, ‘Have I Been Pwned.’ Launched in 2013, it’s still sticking to its primary focus – to allow anyone to check whether their email account has been affected by any breach. However, maintaining this tool has become overwhelming for its creator, who’s now promising to open-source the project.

The creator of ‘Have I Been Pwned’ is Troy Hunt, who’s now a Microsoft Regional Director, in addition to having many other roles. Via a freshly published blog post, Hunt notes that his commitment towards other projects has affected the cyber-security tool he launched years ago.

The first solution was to sell the platform, which turned out to be more complicated than initially expected. This is why HIBP is now ready to open its doors to a vibrant community of contributors.

“The code will be turned over to the public for the betterment of the project and frankly, for the betterment of everyone who uses it. The single most important objective is to seek a more sustainable future for HIBP.” – Troy Hunt, via his blog.

To understand why this is such a huge deal, here’s a reminder of how HIBP works. In essence, it tells you whether your email account has been affected by a breach. Once you provide your email address, HIBP checks it against its frequently updated database and returns a full report of compromised accounts and the types of leaked information.

As you can expect, HIBP works without letting hackers know about compromised accounts. This is where “k-Anonymity” comes into play, designed by Troy Hunt and Junade Ali. Today, many companies are employing this technology, including LastPass, 1Password, Okta PassProtect, Apple, Google, and others.
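The k-Anonymity idea mentioned above, as an added example (not HIBP's code and not from the original article): it follows the range-query model of HIBP's Pwned Passwords service, where the client sends only the first five hex characters of a SHA-1 hash and does the final match locally. The breach data, counts and function names are constructed for illustration, and the server is simulated in-process so the example runs offline.

```python
import hashlib

# Constructed breach corpus: password -> times seen (values made up for this example).
BREACHED = {"password": 3, "letmein": 2, "hunter2": 1}


def sha1_hex(secret: str) -> str:
    """Uppercase hex SHA-1 of the secret (40 characters)."""
    return hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()


def server_range(prefix: str) -> str:
    """Simulated server: sees only a 5-char hash prefix, returns every matching suffix."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    hashed = ((sha1_hex(p), n) for p, n in BREACHED.items())
    lines = [f"{h[5:]}:{n}" for h, n in hashed if h.startswith(prefix)]
    # Constructed padding entry with count 0, standing in for responses that are
    # padded so their size does not reveal how many real matches exist.
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)


def breach_count(secret: str, query=server_range) -> int:
    """Client: hash locally, send the prefix only, compare the suffix locally."""
    digest = sha1_hex(secret)
    prefix, suffix = digest[:5], digest[5:]
    for line in query(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix and count.strip().isdigit():
            return int(count)  # 0 is a padding entry, i.e. not found
    return 0


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", breach_count(pw))
```

The server never receives the full hash, so it cannot tell which of the many secrets sharing that prefix was being checked.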


Hunt also noted that HIBP’s code isn’t exactly elegant, meaning that the entire code-base can’t be uploaded to GitHub as-is, since it needs to be optimized. For this reason, there is no timeline yet for how HIBP plans to go open source. We know that parts of the project will be made public, with Hunt intending to rely on the community to help him rectify any issues.

“I want to get to a point where everything possible is open. I want the infrastructure configuration to be open too, and I want the whole thing to be self-sustaining by the community.” – Troy Hunt, via his blog.

Even in its current form, ‘Have I Been Pwned’ is the best online source for checking the security of your email address and user accounts. Once the platform becomes publicly visible, it will also become fully transparent. As a result, this should help make the platform more useful and more privacy-friendly while ensuring that hackers are kept away.


Finally, we’d like to remind you to take proper care of your passwords, especially when it comes to creating new ones after a data breach. Here’s how to develop rock-solid passwords, in addition to using two-factor authentication.

Of course, you can also turn to password managers, which will make this process as easy as possible.


