HaveIBeenPwned Set to Go Open Source

Popular breach notification site HaveIBeenPwned (HIBP) is going open source to ensure the long-term viability of the project, according to founder Troy Hunt.

The Australian Microsoft regional director and MVP made the announcement in a blog post on Friday, saying that the decision came as a result of his failed attempt to find a buyer for the site earlier this year.

“The single most important objective of that process was to seek a more sustainable future for HIBP and that desire hasn't changed; the project cannot be solely dependent on me,” he revealed. “Yet that's where we are today and if I disappear, HIBP quickly withers and dies.”

The move to open source the site will go a long way to allay privacy concerns over how HIBP operates, by enhancing code transparency and demonstrating that data searches aren’t being logged internally, Hunt continued.

However, the main aim is to make the site “a more sustainable, more robustly featured community service.”

Hunt said he is currently in discussions with Azure and .NET experts to transition HIBP from completely closed to completely open. The process will be worked through incrementally but there’s no clear timeline as yet. Hunt will likely remain a major part of the project for some time to come.

As if to emphasize the importance of HIBP to the security industry and breach victims, Hunt revealed that in the past two weeks alone, over 96 million breached records had been added to the site, from 16 separate incidents.

A k-anonymity API for the Pwned Passwords service, designed with a Cloudflare engineer, means that products from the likes of Okta, LastPass, 1Password, Apple and Google can check passwords against the trove of breached data in HIBP and warn customers when their credentials have been compromised, without sending HIBP the password or even its full hash: the client hashes the password with SHA-1, sends only the first five hex characters, and receives every suffix in that range to match against locally.
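The range query described above, as an added example that is not HIBP's own code or any vendor integration: the client hashes the password, sends only the five-character SHA-1 prefix, and compares the returned suffixes locally. The range response here is a constructed list of `SUFFIX:COUNT` lines (the counts and all suffixes except the one for `password` are made up) so the example runs offline; the optional `fetch_range_http` helper is an assumption about how a real client would call the public endpoint and is never invoked by the example itself.

```python
import hashlib
import urllib.request
from typing import Callable, Dict, Iterable, List, Tuple

# Pwned Passwords range endpoint (used only by fetch_range_http, which is not called here).
RANGE_URL = "https://api.pwnedpasswords.com/range/"
PREFIX_LEN = 5  # the server only ever sees this many hex characters of the hash


def split_sha1(password: str) -> Tuple[str, str]:
    """Return (prefix, suffix) of the uppercase hex SHA-1 of the password.

    Only the prefix leaves the client; the suffix stays local for matching.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def parse_range(lines: Iterable[str]) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a suffix -> count table.

    Blank lines are skipped. Entries with a count of 0 are kept so that a
    padded response (random filler rows added to hide the true range size)
    still parses, but they count as 'not found' in pwned_count.
    """
    table: Dict[str, int] = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        table[suffix.upper()] = int(count)
    return table


def pwned_count(password: str, fetch_range: Callable[[str], Iterable[str]]) -> int:
    """Number of times the password appears in the corpus, 0 if absent.

    fetch_range is injected so the lookup can be tested against a constructed
    response; it must return the range lines for a five-character prefix.
    """
    prefix, suffix = split_sha1(password)
    table = parse_range(fetch_range(prefix))
    return table.get(suffix, 0)


def fetch_range_http(prefix: str) -> List[str]:
    """Assumed real-world fetcher: GET the range over HTTPS with padding enabled."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8").splitlines()


# Constructed range response for prefix 5BAA6 (the real prefix of SHA-1("password")).
# Only the 1E4C9B... suffix is genuine; the other rows and every count are made up.
CONSTRUCTED_RANGES: Dict[str, List[str]] = {
    "5BAA6": [
        "003D68EB55068C33ACE09247EE4C639306B:3",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471",
        "1E2AAA439972480CEC7F16C795BBB429372:0",  # padded filler row, count 0
        "",
    ]
}


def constructed_fetch(prefix: str) -> List[str]:
    """Offline stand-in for fetch_range_http backed by the constructed table."""
    return CONSTRUCTED_RANGES.get(prefix, [])


if __name__ == "__main__":
    prefix, suffix = split_sha1("password")
    print("sent to server:", prefix)
    print("kept locally:  ", suffix)
    print("seen in breaches:", pwned_count("password", constructed_fetch))
```

Swapping `constructed_fetch` for `fetch_range_http` gives a working client; the server still learns only a five-character prefix that covers several hundred hashes, so it cannot tell which of them the user typed.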
