‘Have I Been Pwned’ up for acquisition; Troy Hunt code names this campaign ‘Project Svalbard’

Yesterday, Troy Hunt, revealed that his ‘Have I Been Pwned’(HIBP) website is up for sale, on his blogpost. Hunt has codenamed this acquisition as Project Svalbard and is working with KPMG to find a buyer.

[box type=”shadow” align=”” class=”” width=””]Troy Hunt has named Project Svalbard after the Svalbard Global Seed Vault, which is a secure seed bank on the Norwegian island of Spitsbergen. This vault represents the world’s largest collection of crop diversity with a long-term seed storage facility, for worst-case scenarios such as natural or man-made disasters.[/box]

Commercial subscribers highly depend on HIBP to alert members of identity theft programs, enable infosec companies, provide services to their customers, protect large online assets from credential stuffing attacks, preventing fraudulent financial transactions and much more. Also,  governments around the world and the law enforcement agencies use HIBP to protect their departments and also for their investigations respectively.

Hunt further says he has been handling everything alone. “to date, every line of code, every configuration and every breached record has been handled by me alone. There is no “HIBP team”, there’s one guy keeping the whole thing afloat”, he writes.

However, in January, this year he discovered Collection #1 data breach which included 87 GB worth of data in a folder containing 12,000-plus files, nearly 773 email addresses, and more than 21 million unique passwords from data breaches going back to 2008. Hunt uploaded all of these breached data to HIBP and since then he says the site has seen a massive influx in activity, thus, taking him away from other responsibilities.

“The extra attention HIBP started getting in Jan never returned to 2018 levels, it just kept growing and growing,” he says.

Hunt said he was concerned about burnout, given the increasing scale and incidence of data breaches. Following this, he said it was time for HIBP to “grow up”. He also believed HIBP could do more in the space, including widening its capture of breaches.

“There’s a whole heap of organizations out there that don’t know they’ve been breached simply because I haven’t had the bandwidth to deal with it all,” Hunt said.

“There’s a heap of things I want to do with HIBP which I simply couldn’t do on my own. This is a project with enormous potential beyond what it’s already achieved and I want to be the guy driving that forward,” Hunt wrote.

Hunt also includes a list of “commitments for the future of HIBP” in his blogpost. He also said he intended to be “part of the acquisition – that is some company gets me along with the project” and that “freely available consumer searches should remain freely available”.

Via Project Svalbard, Hunt hopes to enable HIBP to reach out to more and more people and play “a much bigger role in changing the behavior of how people manage their online accounts.”

A couple of commenters on the blog post ask Hunt whether he’s considered/approached Mozilla as a potential owner. In a reply to one he writes,“Being a party that’s already dependent on HIBP, I reached out to them in advance of this blog post and have spoken with them. I can’t go into more detail than that just now, but certainly their use of the service is enormously important to me.”

To know more about this announcement in detail, read Troy Hunt’s official blogpost.

Read Next

A security researcher reveals his discovery on 800+ Million leaked Emails available online

The Collections #2-5 leak of 2.2 billion email addresses might have your information, German news site, Heise reports

Bo Weaver on Cloud security, skills gap, and software development in 2019