Have I Been Pwned's code base will be open sourced

It'll help ensure a 'sustainable future' for the project after a failed acquisition process.


Kris Holt
August 7, 2020 11:22 AM

For the last several years, Have I Been Pwned has proven a valuable way to determine whether your email address is connected to any of a large number of data breaches. Following a failed acquisition process, Troy Hunt, the man behind the project, has decided to open-source the Have I Been Pwned code base to help it last.

“The single most important objective of [the mergers and acquisitions] process was to seek a more sustainable future for HIBP and that desire hasn't changed; the project cannot be solely dependent on me,” he wrote in a blog post. “Yet that's where we are today and if I disappear, HIBP quickly withers and dies.” As such, he’s calling on others to support the service, and believes that “open sourcing the code base is the most obvious way to do this.”

Hunt noted there were a few reasons for this, including the prevalence of open source projects and the fact Have I Been Pwned has always been “open in spirit.” On a practical level, it’ll enable others to fix bugs and implement ideas that he’s not necessarily able to.


It’ll take some time to fully open up the code base, and Hunt plans to do so gradually. “The transition from completely closed to completely open will happen incrementally, bit by bit and in a fashion that's both manageable and responsible,” he wrote.

It’s a complex process, especially when you consider the highly sensitive troves of data that make Have I Been Pwned an important service. While much of that data is already in the wild, Hunt said he needed to ensure “privacy controls prevail across the breach data itself even as the code base becomes more transparent.”

Some other services, particularly password managers, also help people monitor whether their data or credentials have been included in a breach. Still, Have I Been Pwned is perhaps the best-known such resource, allowing people to find out whether their email address is among billions of records from hundreds of data breaches. Taking steps to ensure it’ll remain available in the long run is a welcome move on Hunt’s part.
