In our fourth episode, Avast CISO Jaya Baloo talks data breaches with Have I Been Pwned? creator Troy Hunt
When asked how Have I Been Pwned? got its start, Troy Hunt goes back to the massive Adobe data breach of 2013, which impacted at least 38 million users. There was one particular detail about that hack that grabbed his attention – his own data was listed not once, but twice in the breach, and he had never given his information to Adobe.
What had happened was that back in the late 90’s, Troy had shared his information with Macromedia, the company that created Dreamweaver. Adobe acquired Macromedia in 2005 and assimilated all its data. When hackers cracked into the Adobe database in 2013, Troy’s information had already been part of it for almost a decade.
“I thought if I don’t know where my data is, and I don’t know where it appears, then there must be other people who don’t know as well, particularly people who are less in tune with this industry,” he tells Avast CISO Jaya Baloo in Episode 4 of Avast Hacker Archives (AHA). He goes on to explain that was only half the inspiration behind Have I Been Pwned? — to understand the other half, first you need to know a little more about Troy Hunt.
As a high schooler in Singapore, Troy got into computers when he took a job doing hardware maintenance for a satellite systems company. He found that he loved tinkering with both hardware and software. He got into web development, then drifted to the security side of things because he felt there was a vacuum in that area. He worked for Pfizer for many years, but learned that rising up through the ranks was a double-edged sword – yes, he was commanding more power and weighing in on a grander scale, but he was missing the simple joy of tinkering.
That’s the other half of his inspiration for Have I Been Pwned?: After so much time in management, he wanted to work with his hands again and build something. The result was a free website that tells all users simply and clearly if their email address has ever been involved in a data breach. To date, the site has logged over 10 billion “pwned” accounts. Bringing awareness to millions of users about the importance of security, the site is widely seen as a valuable internet resource. Our own Jaya Baloo credits it for helping push the awareness of two-factor authentication.
Troy regularly presents key notes and workshops on security topics. He lives in Australia, but the U.S. Congress occasionally invites him to Washington D.C. to share his expertise on data breaches. That expertise is on full display in our podcast, in which he and Jaya discuss those data breaches and security bugs that bring an extra layer of concern, such as the 2015 Ashley Madison breach, which was followed by a number of exposed users reaching out to Troy for security help and guidance. He also provides his take on the Grindr sextortion bug he helped bring to light.
Their conversation visits the other end of the spectrum as well, where they talk about the 2016 V-Tech data breach that involved information related to children and the 2017 CloudPets vulnerability that compromised 820,000 kids. As the father of an 11-year-old, Troy is sensitive to the dangers that await kids online, and he opens up to Jaya about life as a parent, his reliance on his fiancee to “project manage” him, and his favorite password joke.
Learn everything you wanted to know about data breaches and more in Episode 4 of Avast Hacker Archives with our very special guest, Troy Hunt.
You can also listen to the episode as a podcast (additionally on Apple Podcasts and Google Podcasts as well as on Spotify.