Have I Been Pwned (HIBP), a website built and maintained by security researcher Troy Hunt, is one of the top destinations to find out if your email ID or password has been part of a data breach.
Hunt, also Microsoft Regional Director for security, announced last night that he’s making the website open source so that others can contribute to the project and make it easier to find your compromised credentials. He had first announced his intention of making this project available to other services last August.
As a first step, Hunt and the .NET Foundation are open-sourcing the Pwned Passwords module. This page currently lets you check whether any of your passwords (not tied to usernames) were part of a data leak. Hunt noted that the data used for this service is retrieved from publicly available hashed datasets.
He added that this was the logical first step as the function has a relatively simple codebase consisting of Azure Storage, a single Azure Function, and a Cloudflare worker. Plus, it has its own domain and works on non-commercial APIs independent of the rest of HIBP.
Apps and services — such as password managers — could integrate this API into their product, and prevent you from choosing passwords that are already compromised.
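The following is an added example, not code from HIBP or from the article, showing how a signup or password-change form could run such a check. It assumes the public Pwned Passwords range endpoint at `api.pwnedpasswords.com` and its `SUFFIX:COUNT` response format, neither of which is quoted on this page; the sample response and its counts are constructed.

```python
import hashlib
import urllib.request

# Public Pwned Passwords range endpoint (assumption: not quoted on this page).
RANGE_URL = "https://api.pwnedpasswords.com/range/"

def fetch_range(prefix):
    """Fetch all hash suffixes sharing a 5-character SHA-1 prefix."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "pwned-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def pwned_count(password, fetch=fetch_range):
    """Return how many times the password appears in the breach corpus."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    # Only the 5-character prefix leaves the client; matching happens locally.
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)  # padded entries carry a count of 0
    return 0

def allow_password(password, fetch=fetch_range):
    """Signup/change-password gate: reject anything seen in a breach."""
    return pwned_count(password, fetch) == 0

# Constructed sample response for prefix 5BAA6 (counts are made up).
SAMPLE_RESPONSE = (
    "0018A45C4D1DEF81644B54AB7F969B88D65:3\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:42\r\n"  # suffix of SHA-1("password")
    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:0\r\n"  # padding-style entry
)

def sample_fetch(prefix):
    """Offline stand-in for fetch_range that serves the constructed sample."""
    return SAMPLE_RESPONSE if prefix == "5BAA6" else ""

if __name__ == "__main__":
    print(pwned_count("password", sample_fetch))
    print(allow_password("password", sample_fetch))
```

Neither the password nor its full hash is sent to the service, so the check can run on every password change without disclosing the candidate.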
What’s more, HIBP is teaming up with the FBI, which will help bolster the database with its own set of compromised passwords.
Earlier this week, Hunt noted that the HIBP website is getting closer to 1 billion monthly requests for searching leaked passwords and email IDs.
— Troy Hunt (@troyhunt) May 27, 2021
You can learn more about Have I Been Pwned’s open source project here.