Have I Been Pwned, or HIBP, a website that allows users to check if their passwords have been compromised, is about to get a powerful new partner—the Feds.
On Friday, the site’s founder Troy Hunt announced that the FBI will be getting a direct line to feed their own intel about any breaches into the site.
While the platform already has a database of literally billions of passwords, emails, and account details that have been compromised over the years, this new partnership means the Bureau will be piping in freshly compromised passwords found during its own investigations. The FBI had actually teamed up with Hunt not too long ago for a similar purpose when it passed along 4.3 million emails that were compromised as part of the infamous Emotet botnet bust at the start of this year. Now, the agency will be doing that on an ongoing basis.
As Hunt wrote in his blog, this news comes at the same time that HIBP has gone open source—a change that he’d been planning for the service since this past August. That timing turned out to be pretty serendipitous, since the first open-source project that Hunt’s asking for help with is a way to bring the FBI’s repository to more people more quickly.
“The important thing is to ensure there’s an ingestion route by which the data can flow into HIBP and be made available to consumers as fast as possible in order to maximise the value it presents,” Hunt wrote. He listed out what he’s looking for in this so-called “password ingestion code” on his blog, and even set up a public GitHub for people who want to pitch in. He also added that the “scope” of these open-sourced projects might expand in the future, meaning that other cyber sleuths might be able to contribute their own Pwned Passwords soon enough.