If you want to be alerted to security breaches of user IDs and passwords, Have I Been Pwned (HIBP) is one of the most useful sites around – and it’s about to get even more so …

Background

You can visit the site to search on your email address or phone number, and it will list known breaches that included your details. Each one will reveal what data was exposed. For example:

Apollo: In July 2018, the sales engagement startup Apollo left a database containing billions of data points publicly exposed without a password. The data was discovered by security researcher Vinny Troia who subsequently sent a subset of the data containing 126 million unique email addresses to Have I Been Pwned. The data left exposed by Apollo was used in their “revenue acceleration platform” and included personal information such as names and email addresses as well as professional information including places of employment, the roles people hold and where they’re located. Apollo stressed that the exposed data did not include sensitive information such as passwords, social security numbers, or financial data. The Apollo website has a contact form for those looking to get in touch with the organization.

Compromised data: Email addresses, Employers, Geographic locations, Job titles, Names, Phone numbers, Salutations, Social media profiles

Easier still, you can register with the site and receive automatic email alerts each time your details are found in a new privacy breach.

Have I Been Pwned goes open source

HIBP has so far been run by security researcher and Microsoft Regional Director Troy Hunt, but ZDNet reports that it is now going to be open-sourced to enable others to contribute.

FBI will contribute data

As part of this move, the FBI will now contribute to the HIBP database.

Hunt explained he’s open-sourcing the code because “The philosophy of HIBP has always been to support the community, now I want the community to help support HIBP.” HIBP is written in .NET and runs on Azure […]

Hunt hopes “that this encourages greater adoption of the service both due to the transparency that opening the code base brings with it and the confidence that people can always ‘roll their own’ if they choose. Maybe they don’t want the hosted API dependency, maybe they just want a fallback position should I ever meet an early demise in an unfortunate jet ski accident. This gives people choices” […]

The HIBP code is being kept on GitHub. It’s licensed under the BSD 3-Clause license. 

Moving forward, HIBP will now also receive compromised passwords discovered in the course of FBI investigations […]

Bryan A. Vorndran, the FBI’s assistant director, Cyber Division, said, “We are excited to be partnering with HIBP on this important project to protect victims of online credential theft. It is another example of how important public/private partnerships are in the fight against cybercrime.”