Connect with us

Hi, what are you looking for?


Management & Strategy

‘Have I Been Pwned’ Code Base Going Open Source

Troy Hunt, the security expert who handles the breach notification website Have I Been Pwned, announced late last week that he is ready to make the code behind the site available in open source.

Troy Hunt, the security expert who handles the breach notification website Have I Been Pwned, announced late last week that he is ready to make the code behind the site available in open source.

Have I Been Pwned allows users to verify whether their emails or passwords have been exposed as part of a data breach and has become the place to go for information when massive data breach dumps become public.

Over the past couple of years, the site’s popularity has increased after an API that allows for the fast search of compromised account data from third-party products and services started being integrated into browser extensions, applications, mobile software, notification websites, and the like, including Firefox and LastPass.

Hunt now says that the time has come for the project to evolve into open source, especially given the fact that community contributions to Have I Been Pwned have increased significantly recently.

“Every single byte of data that’s been loaded into the system in recent years has come from someone who freely offered it in order to improve the security landscape for everyone. Many of the services that HIBP runs on are provided free by the likes of Cloudflare,” Hunt says.

He also notes that the community has contributed to the code behind the website as well, either through the use of publicly available content or through direct support for the project.

“The philosophy of HIBP has always been to support the community, now I want the community to help support HIBP. Open sourcing the code base is the most obvious way to do this. It takes the nuts and bolts of HIBP and puts them in the hands of people who can help sustain the service regardless of what happens to me,” Hunt says.

Advertisement. Scroll to continue reading.

The move to make the code open source would also addresses concerns regarding the manner in which the service runs (such as the fact that it does not log any of the searches), while helping identify people who can help the project evolve, he notes.

Hunt also points out that the process of moving to open source isn’t an easy one, and that the transition will take some time, with support from people who understand what needs to be done, but no timeframe for when the process will be completed has been provided.

“Then there’s the privacy side of it all: my own personal data is in those breaches and your data almost certainly is too because there are literally billions of people that have been impacted by data breaches. Regardless of how broadly that information is circling, I still need to ensure the same privacy controls prevail across the breach data itself even as the code base becomes more transparent,” he also says.

Related: BlackBerry Releases Open Source Reverse Engineering Tool

Related: Apple Releases Open Source Password Manager Resources

Related: IBM Releases Open Source Toolkits for Processing Data While Encrypted

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.