Every time there is a data breach, the Have I Been Pwned website offers the possibility of searching our email or telephone number to see if we have been affected. It has been doing this for years, importing databases that have been stolen so that the search engine can notify the victims.
The site in question was created by security researcher Troy Hunt, who is also Microsoft’s regional director of security.
Now he has announced that he will open the code of the web so that others can contribute to the project, it will be opensource, as indicated in this article.
Currently the web allows you to verify if any of our emails, or our passwords, are part of a data leak, and what they want is to be able to integrate with other password platforms so that they notify if any of the chosen ones has been previously compromised.
That is to say, we can imagine that we are using 1password, and that when choosing a password it tells us something like «hey, that password was previously used in other services and filtered in a data leak».
Additionally, HIBP is partnering with the FBI, which will help harden the database with its own set of compromised passwords.
The web currently receives over a billion requests per month to search for leaked passwords and email IDs, a truly impressive number.