Whenever there is a security breach, everyone likes to point to \u201cHave I Been Pwned.\u201d <\/p>\n\n\n\n
It\u2019s for a good reason. <\/p>\n\n\n\n
The guy who runs it is a \u201cRock Star\u201d in the internet security world. But that doesn\u2019t mean much to most people so let me show you why you should trust Have I Been Pwned(HIBP). <\/p>\n\n\n\n
Disclosure<\/strong>: I\u2019m NOT being paid to write this. I don\u2019t know the owner of HIBP and never met him. This is just the research I\u2019ve done to find out if this site is trustworthy. <\/p>\n\n\n\n Troy Hunt owns HaveIBeenPwned. <\/p>\n\n\n\n Personal site: https:\/\/www.troyhunt.com\/<\/a> <\/p>\n\n\n\n Twitter: https:\/\/twitter.com\/troyhunt<\/a> <\/p>\n\n\n\n YouTube: https:\/\/www.youtube.com\/user\/troyhuntdotcom<\/a><\/p>\n\n\n\n Troy Hunt is an Australian web security expert. To learn more check out his Wikipedia page<\/a>.<\/p>\n\n\n\n Most notable is that Microsoft awarded him \u201cMicrosoft Most Valuable Professional\u201d in 2011.<\/p>\n\n\n\n HaveIBeenPwned was created in 2013. The thing that pushed HaveIBeenPwned to life was the Adobe breach in 2013. The Adobe breach had 153 million accounts compromised. <\/p>\n\n\n\n As Troy does, he was analyzing data breaches for patterns. He realized this data was easy for him to get ahold of, but for the average person, it was unfeasible. Troy wanted the everyday person to be able to check if their data was in a breach, so he created HaveIBeenPwned. <\/p>\n\n\n\n HaveIBeenPwned allowed anyone to check if their email address was ever in any breaches. If it was, they could take actions to secure their accounts again. Troy also added a way to check your passwords to see if they were in any breaches too. <\/p>\n\n\n\n There was a bit of controversy for HaveIBeenPwned during the Ashely Maddison Breach<\/a>. <\/p>\n\n\n\n There were sites created overnight to check to see if your email was in this breach. Since Ashely Madison was for cheating spouses, it provided an easy way to check if your partner was using the site. <\/p>\n\n\n\n HaveIBeenPwned got wrapped up in this but did all the right things. You had to verify you owned the email address<\/a> before it would reveal if that email address was in the breach.<\/p>\n\n\n\n Other sites did not do this and outed many people. <\/p>\n\n\n\n Due to the media wanting a fast headline HaveIBeenPwned got wrapped up in this. To be clear, HaveIBeenPwned did the right thing by not exposing sensitive data of this breach. <\/p>\n\n\n\n I feel it\u2019s important to point out what companies use HaveIBeenPwned. Many of these companies have a lot to lose if HaveIBeenPwned was not trustworthy. <\/p>\n\n\n\n HaveIBeenPwned has a way for other companies to use their database to check if customers login data was compromised. This is very useful for password managers and sign-up pages. <\/p>\n\n\n\n 1Password – https:\/\/blog.1password.com\/finding-pwned-passwords-with\u20131password\/<\/a><\/p>\n\n\n\n Bitwarden – https:\/\/blog.bitwarden.com\/have-you-been-pwned\u20137051d64e685b<\/a><\/p>\n\n\n\n FireFox Web Browser – https:\/\/www.infosecurity-magazine.com\/news\/mozilla-pwned-function-firefox\/<\/a><\/p>\n\n\n\n U.K. and Australian governments – https:\/\/techcrunch.com\/2018\/03\/02\/uk-and-australian-governments-now-use-have-i-been-pwned\/<\/a><\/p>\n\n\n\n Being able to see what real people say about HaveIBeenPwned is worth a look at if you ask me. I\u2019ve listed off a few Reddit post that helps to back up the claim that HaveIBeenPwned is safe to use. <\/p>\n\n\n\n Is haveibeenpwned a legit page?<\/a> <\/p>\n\n\n\n YSK: HaveIBeenPwned will tell you if your email address and passwords have ever been compromised, so change them right now if they have!<\/a> <\/p>\n\n\n\n Have I been pwned? Check if your email has been compromised in a data breach<\/a> – <\/p>\n\n\n\n Firefox Monitor Lets You Know When You\u2019ve Been Pwned: Mozilla teams up with Have I Been Pwned for hack-alert service.<\/a><\/p>\n\n\n\n PSA: Many Spotify accounts emails and passwords have been posted online in what appears to be a hack.<\/a> <\/p>\n\n\n\n Let\u2019s not forget what other sites say about HaveIBeenPwned. Spoiler: It\u2019s all good things!<\/p>\n\n\n\n Digitaltrends – https:\/\/www.digitaltrends.com\/computing\/best-websites-for-finding-out-if-youve-been-hacked\/<\/a><\/p>\n\n\n\n CNET – https:\/\/www.cnet.com\/how-to\/find-out-if-your-passwords-been-hacked\/<\/a> <\/p>\n\n\n\n dailymail.co.uk – https:\/\/www.dailymail.co.uk\/sciencetech\/article\u20134767562\/Have-PWNED-Site-reveals-password-safe.html<\/a><\/p>\n\n\n\n makeuseof – https:\/\/www.makeuseof.com\/tag\/hacked-email-account-checking-tools-genuine-scam\/<\/a><\/p>\n\n\n\n Forbes – https:\/\/www.forbes.com\/sites\/adamtanner\/2014\/04\/14\/these-sites-tell-which-of-your-accounts-have-been-hacked\/#50d20e403763<\/a><\/p>\n\n\n\n PCWorld – https:\/\/www.pcworld.com\/article\/2070080\/new-website-lets-users-check-if-their-online-credentials-were-exposed-in-large-data-leaks.html<\/a><\/p>\n\n\n\n The old saying goes, \u201cif you\u2019re not paying for it, then you\u2019re the product.\u201d So how does HaveIBeenPwned make money? <\/p>\n\n\n\n The first way HaveIBeenPwned makes money is from donations. If you used his service in the past, please consider donating<\/a> as it does help. <\/p>\n\n\n\nWho Owns HaveIBeenPwned?<\/h2>\n\n\n\n
Who Is Troy Hunt?<\/h2>\n\n\n\n
HaveIBeenPwned History<\/h2>\n\n\n\n
HaveIBeenPwned Controversy<\/h2>\n\n\n\n
Who Uses HaveIBeenPwned<\/h2>\n\n\n\n
What Real People Are Saying<\/h2>\n\n\n\n
What Other Sites Are Saying<\/h2>\n\n\n\n
How Does HaveIBeenPwned Make Money?<\/h2>\n\n\n\n