Have You Been Pwned? A Reboot
A brief on Have I Been Pwned 2.0, a reboot of Troy Hunt's popular breach tracking service.
For well over a decade now, the free Have I Been Pwned (aka HIBP) service by Troy Hunt has helped individuals and organisations check whether their personal data - email addresses, usernames, and passwords - have been exposed in known data breaches. HIBP aggregates publicly available breach data and allows users to search across hundreds (887 at last count!) of compromised datasets. It includes domain monitoring, API for developers, and a "Notify Me" service to alert users about future breaches. Additionally, HIBP also maintains a searchable database of passwords found in breaches via the Pwned Passwords service.

In February this year, Troy teased an update to the brand (with a fair bit of detail into the rebrand thought process), and decided to open source the UX code. Fast forward to May, HIBP 2.0 is now live with a significant overhaul of the service, including both functional enhancements and user experience improvements. Here's a quick summary of the changes:
- Visual refresh, featuring a cleaner layout and updated branding elements
- Subtle design choices to make the service less intimidating for users
- Centralised dashboard that combines various aspects of a single entity
- Cleaner summary and filtering options for the domain search feature
- Removal of user name and phone number searches - these were under utilised, and posed challenges in data parsing and notification delivery
- Dedicated data breach pages, with detailed information about each breach, including the nature of data compromised and tailored recommendations
If you haven't yet explored the refreshed HIBP, now's a great time to do so. Here's to staying secure and unpwned!