Who, what & why

The background on the who, the what and the why of Have I Been Pwned

Troy Hunt Profile Picture

Troy Hunt

I'm Troy Hunt, a Microsoft Regional Director and Microsoft Most Valuable Professional, blogger at troyhunt.com, international speaker on information security and the creator of Have I Been Pwned. I've been writing software for the web since the mid-90s and since 2013, I've been running this website.

I built HIBP as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach. I wanted to keep it dead simple to use and easily accessible to ensure it could be of maximum benefit to the community.

Charlotte Hunt Profile Picture

Charlotte Hunt

Charlotte is both my wife and chief of all operational things at HIBP. She has a background in organising technology conferences, specifically the NDC "Norwegian Developers Conference", which she coordinated around the globe from 2013 until 2021 when she joined me at HIBP. She also has qualifications and experience in public relations and entrepreneurship studies.

Charlotte manages all the day to day logistics of HIBP, everything from customer onboarding to legal and finances. She coordinates all non-technical aspects of the service and is also regularly the coalface of customer support queries.

Stefán Jökull Sigurðarson Profile Picture

Stefán Jökull Sigurðarson

Stefán is a fellow Microsoft Most Valuable Professional, regular conference speaker and open source software contributor. He joined HIBP on a part time basis in 2023 after many years of building integrations with the service and making community contributions to the open source components of it.

Today, Stefán helps maintain and optimise the codebase as well as the cloud infrastructure from his home in Iceland. He plays an invaluable role in keeping the service fast, reliable and sustainable and regularly shares those experiences in his speaking activities.

What is the site all about?

This site came about after what was, at the time, the largest ever single breach of customer accounts — Adobe. I often did post-breach analysis of user credentials and kept finding the same accounts exposed over and over again, often with the same passwords which then put the victims at further risk of their other accounts being compromised.

The FAQs page goes into a lot more detail, but all the data on this site comes from "breaches" where data is exposed to persons that should not have been able to view it.

Why build the site?

This site serves two primary purposes for me: firstly, it obviously provides a service to the public. Data breaches are rampant and many people don't appreciate the scale or frequency with which they occur. By aggregating the data here I hope that it not only helps victims learn of compromises of their accounts, but also highlights the severity of the risks of online attacks on today's internet.

Secondly, the site provided me with an excellent use case for putting a number of technologies through their paces and keeping my hands-on skills somewhat current. Projects like this are an excellent way of staying relevant as my day job increasingly focuses more on software management and less on actually building things (which I happen to love doing!) It's been an enormously fulfilling journey that I've invited others to join me on by way of often blogging in depth about the process, something I intend to keep up as the site inevitably evolves over time.