
Have I Been Pwned is now open source, FBI will feed it compromised passwords
The developer behind the popular and useful Have I Been Pwned has announced that the service is now fully open source and has partnered with the Federal Bureau of Investigation in order to inform users of any compromised passwords.
Originally promised back in August of 2020, Have I Been Pwned developer Troy Hunt has listed the full service under two separate open source repositories on GitHub. Hunt worked with the .NET Foundation on the PwnedPasswordsAzureFunction repo, which contains "APIs for the k-anonymity Pwned Passwords implementation," and worked with Cloudflare on the PwnedPasswordsCloudflareWorker repo.
Alongside this announcement and milestone, Hunt also revealed that the FBI reached out to him about the possibility of feeding any compromised passwords the FBI discovers into the Have I Been Pwned database in order to inform users if they've been, well, pwned. Hunt states that they share the goal "to protect people from account takeovers by proactively warning them when their password has been compromised." Hunt concludes that this integration allows the FBI to potentially accomplish this "almost 1 billion times every month."
Both the .NET Foundation and Cloudflare will continue to assist in maintaining the repos for Have I Been Pwned as community contributions continue to evolve the service. Hunt ended the announcement blog post by asking for patience, as this is his first time running an open source project. He also isn't entirely sure of "how things will proceed from here," but thanks in advance everyone who will continue to support this initiative.
Further coverage: Official developer blog post