Have I Been Pwned, the reference site to find out if a password has been exposed in a security breach, has partnered with the FBI to further grow your database. Troy Hunt, the creator of the free resource, assures that this agreement will allow to proactively warn people who have been victims of data theft.
The FBI works on all types of digital investigations and plays a critical role in the fight on issues such as child abuse, ransomware and terrorismor. Hunt explains that compromised passwords are found in the course of their investigations. These end up being used by cybercriminals and don’t come quickly to Have I Been Pwned to warn users.
With this association, Have I Been Pwned will be able to access a huge number of leaked passwords, in record time. However, the project requires a preliminary step so that the federal agency can insert this data on the site. To do this, HBP has been made open source through the .NET Foundation.
“The FBI reached out and we started a discussion about what it would be like to provide them with an avenue to enter compromised passwords in HIBP and expose them through the Pwned Passwords feature. Your goal here is perfectly aligned with mine and, dare I say, with the goals of most of the people reading this.
Troy Hunt, creator of Have I Been Pwned
Have I Been Pwned is now an open source project
Have i been pwned
After announcing the partnership with the FBI and the move to open source, Hunt is asking for community input. The idea is that you can find a «Way to enter compromised passwords in HIBP«. In the future it is hoped that other law enforcement agencies can contribute their findings.
Hunt also explains that “except for a donation,” all construction, operating and maintenance costs for the service have been directly out of your pocket. However, the Microsoft Azure cloud service has allowed him to host it “without spending too much money.”
Deputy Director of the FBI’s Cyber Division, Bryan A. Vorndran, said: “We are excited to partner with HIBP on this important project to protect victims of online credential theft. It is another example of the importance of public-private partnerships in the fight against cybercrime.