Have I Been Pwned (HIBP), a website created and maintained by security researcher Troy Hunt, is one of the best places to see if your email address or password was compromised in a data breach.
Hunt, who is also the Microsoft Regional Director for Security, revealed last night that the website will be open-sourced, allowing others to contribute and make it easier to identify your compromised credentials. Last August, he announced his plans to open up this project to other services.
Hunt and the.NET Foundation are making the pwned password module open-source as a first step. This website currently allows you to see if any of your passwords (not associated with usernames) have been compromised. Data for this service is taken from publicly available hashed databases, according to Hunt.
He went on to say that because the function's codebase is quite simple, consisting of Azure Storage, a single Azure Function, and a Cloudflare worker, this was the natural initial step. It also has its own domain and operates independently of the rest of HIBP, using non-commercial APIs.
This API might be integrated into apps and services, such as password managers, to prevent you from picking passwords that have previously been hacked.
Furthermore, HIBP is collaborating with the FBI, which will provide its own batch of compromised credentials to the database.
Hunt stated earlier this week that the HIBP website is approaching 1 billion monthly searches for searching hacked passwords and email addresses.
Getting closer and closer to the 1B requests a month mark for @haveibeenpwned's Pwned Passwords. 99.6% of those have come direct from @Cloudflare's cache too ? pic.twitter.com/zRRbkhT27P
— Troy Hunt (@troyhunt) May 27, 2021
More information regarding Have I Been Pwned's open source project may be found here.