Have I Been Pwned? (HIBP) is an internet tool created by security researcher and Microsoft employee Troy Hunt, the purpose of which is to allow users to check if they had been caught in a data breach.
It works by entering a username and password, that is then checked against data dumps containing compromised accounts.
According to Hunt, HIBP now boasts nearly 3 million email subscribers, some 150,000 unique daily visitors – with this number spiking to ten million on a bad security day. That’s to go with some 8 billion records of breaches.
HIBP also provides notifications in case of personal data is found in some future breaches – and it is used not only by individuals, but also by governments, companies, and law enforcement.
This service has been online since 2013, and now it appears to be time to cash out.
Hunt has announced in a blog post that he wants to sell HIBP to ensure better stewardship of the project, that is now a one-man project, maintained by him – which seems to have become a source of stress.
The Australian security expert now wants a “better-resourced and better-funded structure” to step in and take HIBP off his hands – though he does not rule future involvement in some capacity, and promises that the search capability of the service itself will remain free of charge to users.
Hunt also hints at wanting to “reduce the burden” on himself and of the project has become an overwhelming task – so much so that he did not want to build his own company around it, and has instead chosen to sell.
That’s also the answer he directed one commenter on the blog post to, when they wondered why Hunt was not considering setting up a non-profit involving many corporate members who would financially back it, instead of relinquishing control to a company.
It’s unknown at this time who the future owner of HIBP might be, but Hunt has revealed that there has been interest. When two commenters wanted to know if it may be Mozilla, the organization behind the Firefox browser, he replied to one of them by saying:
“Being a party that’s already dependent on HIBP, I reached out to them in advance of this blog post and have spoken with them. I can’t go into more detail than that just now, but certainly, their use of the service is enormously important to me.”