Happy 10th Birthday to Have I Been Pwned
And a cybersecurity feel good hero story
As a rule, cybersecurity does not have a big number of feel good stories, or stories of cyber heroes - or at least not many that are “out there” for public consumption. The story of Have I Been Pwned - the website haveibeenpwned.com - is one of the best exceptions to the rule that I’m aware of.
I’ve been a huge fan of the site, and a user of its services - for many years. So even though I’m about a week late in doing so, I want to say Happy 10th Anniversary to this one of a kind cyber feel good success story. I’ve been praising and recommending this site to friends, colleagues, and students for years as well - and when I do I always mention that I love the site not just for the invaluable service it provides, but also because of how much I love its back story. Here’s just a very small sample of reasons why I have such good feelings about the site and its story:
It provides a much-needed public service, for free. We rarely go a day without seeing data breaches make headline news, and Have I Been Pwned lets you check if your email address has been exposed in a breach.
It is easy to use, fast, and you can sign up to be notified if any of your email accounts are part of future data breaches. There’s also a page for checking exposure of passwords in breaches.
The site has a minimal and fun UI
Here’s the cyber hero part of the story: incredibly, the HIBP site was a one person show for 8 of its 10 year history. That one person is Troy Hunt.
And the feel good cyber story: organizations like the FBI and the UK’s National Crime Agency have recognized the enormous value that the site brings. The FBI now feeds data into it.
That’s my little spiel. For a much (much!) better rundown of all the rich history of HIBP, check out the story from the horse’s cyber hero person’s mouth: https://www.troyhunt.com/a-decade-of-have-i-been-pwned/
Nice! Everyone should know about this site and avail themselves of this service.