Popular breached email service opens codebase to security community

Have I Been Pwned is being open sourced, founder Troy Hunt revealed

The codebase for data breach notification website Have I Been Pwned? is going to be open sourced, its founder Troy Hunt has revealed.

The popular site enables users to find out whether their email address has been involved in a data breach.

Hunt said in a statement posted online today (August 7) that turning the service into an open source project will ensure that HIBP can be managed by more than one individual, removing him as a single dependency.

It comes after an acquisition deal, dubbed ‘Project Svalbard’, fell through earlier this year.

Hunt said: “The decision has been a while coming and it took a failed M&A process to get here, but the code will be turned over to the public for the betterment of the project and frankly, for the betterment of everyone who uses it.”

“The single most important objective of that process was to seek a more sustainable future for HIBP, and that desire hasn’t changed. The project cannot be solely dependent on me. Yet that’s where we are today and if I disappear, HIBP quickly withers and dies.

“As I’ve given further thought to the future since the M&A process, the significance of community contributions has really hit home.”

‘Open in spirit’

Turning HIBP into an open source project is in keeping with the site’s strong community focus, Hunt reflected.

“Every single byte of data that’s been loaded into the system in recent years has come from someone who freely offered it in order to improve the security landscape for everyone,” he said.

“The philosophy of HIBP has always been to support the community, now I want the community to help support HIBP. Open sourcing the codebase is the most obvious way to do this.”

Hunt confirmed that while the code will be made open to researchers, or anyone who might be curious, the personal information in the databases will not be accessible.

So far, the news has been welcomed by the security community.

Replying to Hunt’s announcement on Twitter, one user said: “Certainly difficult to work out the specifics, but it seems like a strong step in the right direction! I love the idea of HIBP becoming even more transparent and omnipresent as a result of having an open source codebase!”

The Daily Swig has reached out to Troy Hunt for comment and will update this article accordingly.
