Have I Been Pwned is one of the most well-known – and totally free – online resources to check if your log-in credentials have been compromised as part of a security breach. Just last month, personal data of over half a billion Facebook and LinkedIn users was dumped online. Unfortunately, I was among the affected users, which I found out after checking the Have I Been Pwned database. Well, the indispensable service is now getting a major boost – it is going open source, and the FBI is going to contribute compromised credentials to its database.
Troy Hunt, who has been running the project as a pet project for a while now, originally revealed intentions of taking Have I Been Pwned open-source last year. In an announcement post, Hunt revealed that he is making the entire codebase open source, which means anyone can contribute to it and make the service even more useful.
— Troy Hunt (@troyhunt) May 27, 2021
In taking the project open-source, Hunt got a helping hand from the .NET Foundation – an independent, non-profit formed by Microsoft that aims to preserve the open-source ecosystem and support software development.
“It’s now an important part of many online services and this move ensures that anybody can run their own Pwned Passwords instance if they so choose. My hope is that this encourages greater adoption of the service both due to the transparency that opening the code base brings with it and the confidence that people can always “roll their own” if they choose.”
– Troy Hunt
As part of the open-source transition, Have I Been Pwned is turning to GitHub to maintain two repositories – Azure Function and Cloudflare Worker. The plan includes an authenticated endpoint that’ll receive SHA-1 and NTLM hash pairs of passwords that will be added to its database.
And this is where the FBI comes into the picture. The intelligence agency will contribute its own share of compromised credentials that will be added to the Have I Been Pwned database, making it even more diverse – and as a result, far more helpful to the average netizen like you and me.
Hunt, who is a well-known security expert and a Microsoft Regional Director, also revealed that Have I Been Pwned is now being used a billion times each month. Aside from just checking your credentials, it also offers a notification service to inform you about a potential security incident in the future if you register your email address.