Whenever there is a massive data breach in which the personal data of users has been leaked online, such as the recent Facebook one, we often direct people to use Have I Been Pwned to check whether their information has been compromised. The website is a great tool in the fight against cybercrime, and the Federal Bureau of Investigation (FBI) is of the same opinion.
This comes as the founder of Have I Been Pwned (HIBP), Troy Hunt, provided a significant update: the site will be partnering with the FBI, as well as becoming open source.
“The FBI reached out and we began a discussion about what it might look like to provide them with an avenue to feed compromised passwords into HIBP and surface them via the Pwned Passwords feature,” explained Hunt in a blog post.
“Their goal here is perfectly aligned with mine and, I dare say, with the goals of most people reading this: to protect people from account takeovers by proactively warning them when their password has been compromised. Feeding these passwords into HIBP gives the FBI the opportunity to do this almost 1 billion times every month,” he continued.
We have long called for government entities to take note of the work that Hunt has been doing, and it is pleasing to see that the FBI is doing so. That said, it will be interesting to see what this partnership yields as far as tracking down hacking groups and protecting user information moving forward.
“We are excited to be partnering with HIBP on this important project to protect victims of online credential theft. It is another example of how important public/private partnerships are in the fight against cybercrime,” the FBI’s cyber division assistant director, Bryan A. Vorndran, added.
As for the open source announcement, Hunt notes that the decision to do so was made back in August of last year, and now the journey to make it happen has come full circle. To that end, Hunt has worked with the .NET Foundation to bring this to fruition and hopes that making Pwned Passwords open source will be to the benefit of all.
“My hope is that this encourages greater adoption of the service both due to the transparency that opening the code base brings with it and the confidence that people can always “roll their own” if they choose. Maybe they don’t want the hosted API dependency, maybe they just want a fallback position should I ever meet an early demise in an unfortunate jet ski accident. This gives people choices,” he highlighted.
With Hunt doing stellar work up until now, we too hope these newly announced ventures yield improvements in cybersecurity across the board.