Have I Been S0ld? Troy Hunt's security website is up for acquisition

Troy Hunt, inventor and operator of the popular security website Have I Been Pwned (HIBP), is putting the service up for sale.
Hunt, a Microsoft Regional Director and MVP for security, created the site in 2013 after Adobe leaked 153 million usernames and weakly encrypted passwords. Users can enter an email address and discover if it is included in the exposed data. You can also enter a password to see if it features in a data breach.
The site was soon extended with data from other breaches and now contains nearly 8 billion records. HIBP publishes an API which gets over 12 million hits a day, most of them checking whether a password is safe to use. Mozilla's Firefox is one of a number of products that integrates with the API to help users choose strong passwords. Commercial subscribers, governments and law enforcement agencies use the service too.
Hunt said in this weeks' announcement that "to date, every line of code, every configuration and every breached record has been handled by me alone. There is no 'HIBP team', there's one guy keeping the whole thing afloat."
He said that maintaining the site has been stressful and has taken him close to burnout. He believes it is time to put the business up for acquisition, which he is doing with KPMG.
The acquisition project is called Project Svalbard, in tribute to a Norwegian effort to store a vault of seeds to protect against future loss. "It sounds like a befitting name, beginning with the obvious analogy of storing a massive quantity of 'units'," Hunt said.
The question everyone will be asking: will the service get worse? Hunt said he will remain part of HIBP and that consumer searches will still be free. The idea is that a bigger organisation will enable him to build out more capabilities.
He also wants to put more effort into changing the behaviour of both individuals and organisations, in respect of their poor security practices.
Hunt has fallen behind, he said, on responsible disclosure – informing organisations that they have been breached. This he called "massively burdensome".
When will it happen? No hurry said, Hunt. "I'm not under any duress (not beyond the high workload, that is) and I've got time to let the acquisition search play out organically and allow it to find the best possible match for the project."
But he does not want to lead a new nonprofit even with sponsorship from other companies, believing that this would increase rather than reduce the stress he is under.
The site performs an excellent, though dispiriting, service. Those of us who have had active email accounts for many years are likely to feature multiple times in the HIBP database. Your correspondent's, for example, is in 20 data breaches including Adobe, Bit.ly, Creative, Disqus, Dropbox, Kickstarter, Last.FM, MySpace and vBulletin, as reported by HIBP.
Sane security today means unique passwords for every site and a password manager, along with other strategies like multi-factor authentication, but take-up is weak as data from services like Microsoft's Office 365 demonstrates.
source theregister
Industry: Cyber Security

Latest Jobs
-
- Identity Channel Partner Manager | London
- London
- N/A
-
Identity Channel Partner Manager | London Location: South East UK (commutable to London) We are working with a Cyber Security business who are looking for a Channel Partner Manager to drive and grow relationships across their identity ecosystem. Prior experience working within VARs, distributors, vendors or resellers in the identity space is essential. You must have experience working with technologies such as CyberArk, Sailpoint, Okta etc Responsibilities will include, but not be limited to: Build, maintain and develop strong relationships with channel partners. Work closely with partner sales teams to support growth drive sales opportunities. Identify and onboard new partners while strengthening existing partnerships. Act as the key point of contact for all channel-related activity. If you are an experienced channel professional, with experience in the Identity space and are ready for your next challenge, apply today.
-
- Service Architect- DACH regions
- Germany
- Upto €110,000 plus bonus and benefits
-
Lead Service Architect with the authority and experience to take control of complex, multi-million-euro outsourcing bids. This role is about leading the Service/ solutioning effort, bringing structure to chaos, and driving the entire bid team to deliver winning proposals. The company area a global managed services business working with enterprise and public sector clients, across Cloud, End-User Computing, Digital Workplace, Service Desk, and Network Infrastructure. What You’ll Do: Lead Service/ solution design from qualification to contract. Control bid teams — architects, pricing, delivery, and SMEs. Break down RFPs/RFIs into actionable, costed, client-ready solutions. Present internally and to clients at decision-maker level. Run solution workshops, own the architecture, and shape the financial model. You’ll Need: Experience working as a Service architect, Service Manager or Customer Success Manager R Gravitas to lead and drive teams through high-stakes bids. Deep knowledge of managed services delivery and commercial models. Strong technical grasp: Cloud, Security, EUC, Unified Comms, Service Desk, and more. Experience leading deals across onshore, offshore, and hybrid delivery models.
-
- Deal Architect- DACH region
- Germany
- Upto €110,000 plus bonus and benefits
-
Lead Deal Architect with the authority and experience to take control of complex, multi-million-euro outsourcing bids. This role is about leading the solutioning/ Service effort, bringing structure to chaos, and driving the entire bid team to deliver winning proposals. The company is a global managed services business providing solutions to enterprise and public sector clients, across Cloud, End-User Computing, Digital Workplace, Service Desk, and Network Infrastructure. What You’ll Do: Lead the deal from qualification to contract. Control bid teams — architects, pricing, delivery, and SMEs. Break down RFPs/RFIs into actionable, costed, client-ready solutions. Present internally and to clients at decision-maker level. Run solution workshops, own the architecture, and shape the financial model. Be responsible for the service Wrap and ensuring the Service meets clients requirements You’ll Need: A back ground with IT Services Experience in a similar type of role, for example: Deal, Service, or Solution Architect in ICT outsourcing. Gravitas to lead and drive teams through high-stakes bids. Deep knowledge of managed services delivery and commercial models. Strong technical knowledge: Cloud, Security, EUC, Unified Comms, Service Desk, and more. Experience leading deals across onshore, offshore, and hybrid delivery models.
-
- Pre Sales Lead- IT Services
- Germany
- Upto €100,000 plus benefits
-
As the Pre-Sales Lead (Sales Engineer/ Solution Architect) you will drive large-scale ICT managed services and outsourcing deals (from €0.5M to €20M+). You'll work directly with Business Development and clients to design high-impact solutions across Cloud (Azure, IaaS, SaaS, PaaS), EUC, Unified Comms, Security (SIEM, PAM), Networks, and Smart Workplaces. What You’ll Do: Lead the end-to-end pre-sales cycle — from RFI/RFP to contract. Design innovative, client-specific solutions with technical & commercial impact. Present at CxO level and steer proposal strategies & financial models. Collaborate closely with Portfolio, Service Desk, Field, and Digital Workplace teams. Support deal shaping with strong knowledge of ITIL, SIAM, Automation, and cost analysis. What You’ll Bring: Have strong experience in pre-sales or solution architecture. Experience with €M+ managed service deals. Deep technical expertise in modern ICT stack and enterprise IT services. Strong German (C1) and English communication skills. Certifications: ITIL v3/v4 required; SIAM, ISO20000 desirable.