Nearly 22 Million User Passwords & Email Addresses Dumped on a Hacking Forum
Published on January 17, 2019
One of the most useful cyber-security tools is, without any doubt, ‘Have I Been Pwned.’ Launched in 2013, it’s still sticking to its primary focus – to allow anyone to check whether their email account has been affected by any breach. However, maintaining this tool has become overwhelming for its creator, who’s now promising to open-source the project.
The creator of ‘Have I Been Pwned’ is Troy Hunt, who’s now a Microsoft Regional Director, in addition to having many other roles. Via a freshly published blog post, Hunt notes that his commitment towards other projects has affected the cyber-security tool he launched years ago.
The first solution was to sell the platform, which turned out to be more complicated than initially expected. This is why HIBP is now ready to open its doors to a vibrant community of contributors.
To understand why this is such a huge deal, let’s remind you how HIBP works. In essence, it tells you whether your email account has been affected by a breach. Once you provide your email address, HIBP checks it against its frequently updated database and returns a full report of compromised accounts and the types of leaked information.
As you can expect, HIBP works without letting hackers know about compromised accounts. This is where “k-Anonymity” comes into play, designed by Troy Hunt and Junade Ali. Today, many companies are employing this technology, including LastPass, 1Password, Okta PassProtect, Apple, Google, and others.
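The k-anonymity model is what HIBP's Pwned Passwords range lookup uses: the client sends only the first five hex characters of the password's SHA-1 hash and matches the remainder locally against the returned `SUFFIX:COUNT` lines. The sketch below is an added example, not HIBP's own code; `range_response` and the `fetch_range` callback are hypothetical stand-ins for the network call, and the corpus, counts and decoy lines are constructed.

```python
import hashlib

# Constructed sample data: password -> number of times seen in breaches.
CORPUS = {"password": 1000, "letmein": 250}

def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def range_response(prefix: str, corpus: dict[str, int]) -> str:
    """Hypothetical stand-in for the server: every suffix in the prefix's bucket."""
    lines = []
    for pw, count in corpus.items():
        p, suffix = split_hash(pw)
        if p == prefix:
            lines.append(f"{suffix}:{count}")
    # Constructed decoys: a real bucket holds many unrelated suffixes, which is
    # why the server cannot tell which one the client was asking about.
    lines.append("0" * 35 + ":3")
    lines.append("F" * 35 + ":12")
    return "\r\n".join(lines)

def breach_count(password: str, fetch_range) -> int:
    """Look a password up while revealing only its hash prefix to fetch_range."""
    prefix, suffix = split_hash(password)
    body = fetch_range(prefix)          # the only value that leaves the client
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:  # comparison happens locally
            return int(count)
    return 0

if __name__ == "__main__":
    seen = []                            # what the "server" observed
    def fetch(prefix):
        seen.append(prefix)
        return range_response(prefix, CORPUS)
    for pw in ("password", "a long unique passphrase 7319"):
        print(pw, "->", breach_count(pw, fetch))
    print("server saw only:", seen)
```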
Hunt also noted that HIBP’s code isn’t exactly elegant, meaning that the entire code-base can’t be uploaded to GitHub as it is, because it first needs to be optimized. For this reason, we don’t have a timeline for how HIBP plans to go open-source. We know that parts of the project will be made public, and that Hunt intends to rely on the community to help him rectify any issues.
Even in its current form, ‘Have I Been Pwned’ is the best online source for checking your email address and user accounts’ security. Once the platform becomes publicly visible, it will also become fully transparent. As a result, this should help make the platform more useful and more privacy-friendly while ensuring that hackers are kept away.
Finally, we’d like to remind you to take proper care of your passwords, especially when it comes to creating new ones after a data breach. Here’s how to develop rock-solid passwords, in addition to using two-factor authentication.
Of course, you can also turn to password managers, which will make this process as easy as possible.