The Biggest Data Breach Archive on the Internet Is for Sale

The well-known and respected data breach notification website “Have I Been Pwned” is up for sale.

Troy Hunt, its founder and sole operator, announced the sale on Tuesday in a blog post where he explained why the time has come for Have I Been Pwned to become part of something bigger and more organized.

“To date, every line of code, every configuration and every breached record has been handled by me alone. There is no 'HIBP team', there’s one guy keeping the whole thing afloat,” Hunt wrote. “it’s time for HIBP to grow up. It’s time to go from that one guy doing what he can in his available time to a better-resourced and better-funded structure that's able to do way more than what I ever could on my own.”

Over the years, Have I Been Pwned has become the repository for data breaches on the internet, a place where users can search for their email address and see whether they have been part of a data breach. It’s now also a service where people can sign up to get notified whenever their accounts get breached. It’s perhaps the most useful, free, cybersecurity service in the world.

Hunt said he’s already had informal conversations with some organizations that might be interested in buying the service. Hunt said he’s engaged the financial consulting firm KPMG to look for a buyer.

In the post, Hunt shared some staggering numbers that explain just how big Have I Been Pwned has become: 8 billion breached records, nearly 3 million people subscribed to notifications, who have been emailed about a breach 7 million times, 150,000 unique visitors to the site on a normal day, 10 million on an abnormal day.

Regardless of who buys the site, Hunt made a series of commitments on the future of Have I Been Pwned: searches should remain free for consumers, the platform should expand and grow, and, finally, he wants to stay involved in some capacity.

Subscribe to our new cybersecurity podcast, CYBER.