Troy Hunt, founder of Have I Been Pwned? (HIBP), announced that after a series of unsuccessful attempts to sell the project, which he discussed this spring, he has decided to open the source code.
Let me remind you that HIBP, founded in 2013, is a service for checking whether credentials have been compromised. By collecting information about various data breaches, Troy Hunt created a unique database whose services and API are currently used by many sites and software products (including Firefox and LastPass) to promptly notify their customers of a possible compromise.
Hunt writes that over the years, he has invested a lot of effort, time, and resources into the project, but he can no longer continue to develop HIBP on his own. According to him, the community’s contribution to the development of Have I Been Pwned has always been considerable, and recently it has only increased.
“Every byte of data loaded into the system in recent years has been provided free of charge by someone who has decided to improve the security landscape for all of us,” writes Troy Hunt. “The philosophy of HIBP has always been to support the community, and now I want the community to support HIBP. Open source is the most obvious way to do this. All the essential elements of HIBP will be put into the hands of people who can help maintain the service, no matter what happens to me.”
The move to an open-source model will not be easy, so Hunt says it will take some time, and he has not yet named a specific timeline.
“In addition, there is also an aspect of privacy: among these leaks, there is my personal data, and probably yours too, because billions of people have already suffered from data leaks. Regardless of how widely this information circulates, I still have to ensure confidentiality control for the data on leaks itself, even if the project’s code base becomes more transparent,” the expert sums up.
While professionals like Troy Hunt spend their time and resources on protecting users, the users themselves (according to a study by Carnegie Mellon University) rarely change their passwords, even if their account has ended up in the HIBP database.