This article was published on May 28, 2021

Have I Been Pwned goes open-source and teams up with the FBI on leaked passwords

More security for everyone


Have I Been Pwned goes open-source and teams up with the FBI on leaked passwords

Have I Been Pwned (HIBP), a website built and maintained by security researcher Troy Hunt, is one of the top destinations to find out if your email ID or password has been part of a data breach.

Hunt, also Microsoft Regional Director for security, announced last night that he’s making the website open-sourced so others can contribute to the project and make it easier to find your compromised credentials. He had first announced his intention of making this project available to other services last August. 

As a first step, Hunt and .NET foundation are making the pwned password module open-sourced. This page currently lets you check if any of your passwords (not attached with usernames) were part of a data leak. Hunt noted that data used for this service is retrieved from publicaly available hashed datasets.

[Read: This dude drove an EV from the Netherlands to New Zealand — here are his 3 top road trip tips]

He added that this was the logical first step as the function has a relatively simple codebase consisting of Azure Storage, a single Azure Function, and a Cloudflare worker. Plus, it has its own domain and works on non-commercial APIs independent of the rest of HIBP. 

Apps and services — such as password managers — could integrate this API into their product, and prevent you from choosing passwords that are already compromised.

What’s more, HIBP is teaming up with the FBI, which will help bolster the database with its own set of compromised passwords.

Earlier this week, Hunt noted that the HIBP website is getting closer to 1 billion monthly requests for searching leaked passwords and email IDs.

You can learn more about Have I Been Pwned’s open source project here.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with