Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity

    How Troy Hunt Is Alerting Web Users Ensnared in Huge Data Breaches

    Written by

    Wayne Rash
    Published May 28, 2016
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      I’ve known about the Have I Been Pwned Website for a couple of years, and I decided to check it out to see if it was legitimate. The site was created to alert Web users if their online identities have been compromised in cyber-attacks and data breaches.

      So I entered in my email addresses and asked to be notified if the site ever came across any evidence that my information had been stolen.

      I immediately heard that I’d been caught in the vast Adobe breach of a few years ago, but I already knew about that and had changed my password. I mentioned the site in my published articles a couple of times afterward, but mostly didn’t think about it.

      Then I got a disturbing email. The email alert system from the Website sent me a notice that my user name and password had been compromised in the even more vast LinkedIn breach of four years ago. While I knew about that breach as well, I hadn’t given it a lot of thought because LinkedIn had told users that they would notify anyone who had been included in the breach, and I hadn’t been notified.

      Just the same, I changed my LinkedIn password. I changed it once after I heard about the breach, and then I changed it again later because I’d decided that the new password was too easy to guess. Then I didn’t think about it again until it was time for my regular password changes.

      But then I got the latest alert from Have I Been Pwned. I asked myself whether I was sure that there was no vestige of my old password around anywhere, so I got to changing passwords again. But I began wondering about the person who ran this site and why he seemed to be able to ferret out this information that normally resides on what the television shows like to call the “Dark Web.”

      I went back to the Website and looked up the details on the person who operates it, Troy Hunt, and learned more about him. Hunt, it seems, is the real deal. He’s a Microsoft regional director and MVP, and he speaks all over the world on security. He also runs a company that creates educational software.

      Intrigued, I emailed Hunt and asked if we could talk. The next afternoon. I contacted Hunt via Skype, and found myself talking to him as he sipped his morning coffee, framed against the tan stucco of his house and the crystal blue sky of the Australian morning. I immediately envied him as I reflected on the 25 days of continuous cold drizzle that had inflicted the Washington, D.C., region.

      I asked him where all of this started. The Adobe breach was the beginning. “This started around October 2013,” Hunt said. “Back then I’d been analyzing data breaches. One of the things that struck me was when you had the same person appearing in multiple data breaches. It built this rich profile. Most of the time they didn’t even know.”

      Hunt said that he thought it would be helpful if he could somehow tell those people what he found, and so he set up his Website so that people could indicate an interest in being alerted. Hunt said that it started to get traction almost immediately because this was the beginning of the really big data breaches and people were worried.

      How Troy Hunt Is Alerting Web Users Ensnared in Huge Data Breaches

      “It started as a hobby,” Hunt said. “I didn’t expect it to become so successful. The thing about the service is that it responds to events.” Those events in many cases were fairly small breaches, but the traffic on his Website reached past 100,000 a day very quickly.

      Then came the Ashley Madison data breach.

      The Website called Ashley Madison is a Canadian operation designed to connect married people with others who want an illicit affair. When the Ashley Madison breach became public, it made world news. It also drove the haveibeenpwned.com traffic through the roof. Instantly, Hunt was seeing numbers above a million a day.

      Despite the titillation factor of the Ashley Madison breach, the LinkedIn breach was far worse, and for Hunt, it was a lot more work. “We have a breach that’s five times Ashley Madison,” he explained. “I have this notification feature where people can subscribe for free and I’ll send them an email. It’s not easy sending 180,000 emails in a single go.” Hunt said that he has a dedicated email service that he uses for breach alerts.

      And where does he find that information? It turns out that people send Hunt the databases of stolen information, mostly on their own. He said he’s received the data from white hat hackers who found it and from black hat hackers who sent it for their own reasons, and lately it’s started coming from the companies that were breached.

      “I had to invest a lot of time,” Hunt said. “One of the reasons I built this [is] I wanted to use Microsoft’s Azure cloud platform. This has allowed me to style and grow. I had a 57,000 percent increase with Ashley Madison. Everything this service does is use one form of cloud-based service or another.”

      Unfortunately, Hunt doesn’t expect that there will be a way to fix the fundamental problem behind those data breaches any time soon.

      “We’re getting into a very competitive market where people are rushing things to market, and people expect things for free.” He said that, as a result, the security of the data behind many online systems is at best an afterthought. Worse, he said that people don’t understand the technology they’re using and they have no understanding of the security risks they’re exposed to as a result.

      “This is a hard problem because it comes back to the people building the software,” Hunt said. “We have so many developers, particularly those coming through emerging markets where they churn them quickly just to get them developing code.” The result is that many of those developers may not even know anything about secure coding.

      So what’s next for Hunt and his project? Right now, it’s unclear. Hunt depends on donations to help support the significant costs of running his Website. For now they’re covering the costs. In addition, he’s happy to take donations even in the form of beer and as movie tickets for his kids. But he’s worried about the future.

      “I think it will continue to evolve,” he said. “At some point, it may mean it’s too risky to run or too legally dubious.” And if that happens, the industry will be without what is one of the best public services available on the Net.

      Wayne Rash
      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a content writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.