Have I Been Pwned

Continuing the march forward to provide governments with better access to their departments' data exposed in breaches [https://www.troyhunt.com/the-uk-and-australian-governments-are-now-monitoring-their-gov-domains-on-have-i-been-pwned/] , I'm very pleased to welcome the 28th national government onto Have I Been Pwned - New Zealand! They'll join the other govs around the world that have complete free access to breach information impacting their gov domains and TLDs. You'll see more national gov...

I have been, and still remain, a massive proponent of "the cloud". I built Have I Been Pwned [https://haveibeenpwned.com/] (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before. I wrote many blog posts about doing big things for small dollars [https://www.troyhunt.com/serverless-to-the-max-doing-big-things-for-small-dollars-with-cloudflare-workers-an...

In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned's (HIBP's) Pwned Password API [https://haveibeenpwned.com/Passwords]. 99.7% of the time, that check went no further than one of hundreds of Cloudflare edge nodes [https://www.cloudflare.com/network/] spread around the world (95% of the world's population is within 50ms of one). It looks like this: There are all sorts of amazing Pwned Passwords use cases out there. For e...

A decade and a bit ago during my tenure at Pfizer, a colleague's laptop containing information about customers, healthcare providers and other vendors was stolen from their car [https://www.doj.nh.gov/consumer/security-breaches/documents/pfizer-20110610.pdf] . The machine had full disk encryption and it's not known whether the thief was ever actually able to access the data. It's not clear if the car was locked or not. Is this a data breach? Some years later, an outsourcing provider of the Aus...

Like most of my good ideas, this one came completely by accident. The other day I was packaging up some swag to send to the winner of my impromptu best "Anonymous" meme competition [https://twitter.com/troyhunt/status/1455137628370575362] and I decided to share the following tweet: > Time to ramp up the 3D @haveibeenpwned [https://twitter.com/haveibeenpwned?ref_src=twsrc%5Etfw] printing too, been giving away a heap of these! pic.twitter.com/ffZpM5aZtx [https://t.co/ffZpM5aZtx] — Troy Hunt (@tr...

For the last few years, I've been welcoming national governments to Have I Been Pwned (HIBP) and granting them full and free access to domain-level searches via a dedicated API. Today, I'm very happy to welcome the Czech Republic's National Cyber and Information Security Agency who can now query their government domains along with the 26 other nations that have come before them. Data breaches impact all of us in one way or another, and government agencies are no exception. My hope is that in su...

Today I'm very happy to welcome the national Turkish CERT to Have I Been Pwned, TR-CERT or USOM, the National Cyber ​​Incident Response Center. They are now the 26th government to have complete and free API level access to query their government domains. Providing governments with greater visibility into the impact of data breaches on their staff helps protect against all manner of online attacks. I'm looking forward to welcoming more national governments onto HIBP in the future....

Marking the 25th national CERT to have full and free API level access to in HIBP, I'm very happy to welcome CERT-IL in the Israel National Cyber Directorate (INCD) on board. They join many other governments around the world in having access to data impacting their departments amongst the more than 11 billion records already in HIBP, and inevitably the billions yet to come. I'm really encouraged to see the amount of enthusiasm expressed by national government defenders to gain access to breach d...

Today I'm very happy to welcome the Dutch government to HIBP, marking 24 national CERTs that now have full and free access to API level domain searches. The Nationaal Cyber Security Centrum of the Netherlands (NCSC-NL) now has access to monitor the exposure of government departments across all the data breaches that make their way into HIBP. Visibility into the impact of data breaches helps defenders protect national assets and I'm very pleased to see the Netherlands join so many other nations...

Today I'm very happy to welcome the 23rd national government to Have I Been Pwned, the Slovak Republic. As of now, CSIRT.sk has full and free access to query all their government domains via an API that returns all their email addresses impacted by each data breach in HIBP. Granting governments this level of access gives them visibility into not just the 11.4 billion records that are already in HIBP but provides an early warning system for the billions of records yet to come. I look forward to...