Have You Been Pwned? A Reboot

A brief on Have I Been Pwned 2.0, a reboot of Troy Hunt's popular breach tracking service.

For well over a decade now, the free Have I Been Pwned (aka HIBP) service by Troy Hunt has helped individuals and organisations check whether their personal data - email addresses, usernames, and passwords - has been exposed in known data breaches. HIBP aggregates publicly available breach data and allows users to search across hundreds (887 at last count!) of compromised datasets. It includes domain monitoring, an API for developers, and a "Notify Me" service to alert users about future breaches. HIBP also maintains a searchable database of passwords found in breaches via the Pwned Passwords service.

Image source: haveibeenpwned.com

In February this year, Troy teased an update to the brand (with a fair bit of detail on the rebrand thought process), and decided to open-source the UX code. Fast forward to May, and HIBP 2.0 is now live with a significant overhaul of the service, including both functional enhancements and user experience improvements. Here's a quick summary of the changes:

  • Visual refresh, featuring a cleaner layout and updated branding elements
  • Subtle design choices to make the service less intimidating for users
  • Centralised dashboard that combines various aspects of a single entity
  • Cleaner summary and filtering options for the domain search feature
  • Removal of username and phone number searches - these were underutilised, and posed challenges in data parsing and notification delivery
  • Dedicated data breach pages, with detailed information about each breach, including the nature of data compromised and tailored recommendations

If you haven't yet explored the refreshed HIBP, now's a great time to do so. Here's to staying secure and unpwned!
