Have I Been Pwned Teams Up With the FBI on Password Leaks


Have I Been Pwned, or HIBP, a website that allows users to check if their passwords have been compromised, is about to get a powerful new partner—the Feds.


On Friday, the site’s founder Troy Hunt announced that the FBI will be getting a direct line to feed their own intel about any breaches into the site.

While the platform already has a database of literally billions of passwords, emails, and account details that have been compromised over the years, this new partnership means the Bureau will be piping in freshly compromised passwords found during its own investigations. The FBI had actually teamed up with Hunt not too long ago for a similar purpose when it passed along 4.3 million emails that were compromised as part of the infamous Emotet botnet bust at the start of this year. Now, the agency will be doing that on an ongoing basis.

As Hunt wrote in his blog, this news comes at the same time that HIBP has gone open source—a change that he’d been planning for the service since this past August. That timing ended up being pretty serendipitous, since the first open-source project that Hunt’s asking for help with is a way to bring the FBI’s repository to more people in a quicker way.

“The important thing is to ensure there’s an ingestion route by which the data can flow into HIBP and be made available to consumers as fast as possible in order to maximise the value it presents,” Hunt wrote. He listed out what he’s looking for in this so-called “password ingestion code” on his blog, and even set up a public GitHub repository for people who want to pitch in. He also added that the “scope” of these open-sourced projects might expand in the future, meaning that other cyber sleuths might be able to contribute their own Pwned Passwords soon enough.

I cover the business of data for Gizmodo. Send your worst tips to swodinsky@gizmodo.com.



Visiting a relative now that I am fully vaccinated.

Her network was completely inaccessible, and all her electronics had issues. Ok, no problem. It is what I do. Last time she knows everything worked, she had someone who does this for a living come in before the pandemic and work on her stuff.

First problem — only thing that would connect to her WiFi was a really old iPad. And for some reason, when I checked she has a guest network running that is named something offensive. And the WiFi password does not work.

Ok, hack the iPad. The WiFi password was set to Password123.

Ok. Time for a trip to Best Buy, as I did not come with a cat5 cable. Her “expert” that she paid to help her out took advantage of her lack of knowledge and set up the iPad she used to read library ebooks with a password and her laptop. A Windows update blew out the laptop WiFi.

He then changed her WiFi password to something basic and created a guest network.

I deleted it all today.