Troy Hunt

From Wikipedia, the free encyclopedia

Troy Hunt
Hunt in 2021
Troy Adam Hunt[1]

1976 (age 47–48)[2]
Known forHave I Been Pwned?
Height196 cm (6 ft 5 in)[3]
Kylie Bragg
(m. 2006; div. 2020)
Charlotte Hunt
(m. 2022)
AwardsSee Awards and achievements

Troy Adam Hunt is an Australian web security consultant known for public education and outreach on security topics. He created and operates Have I Been Pwned?, a data breach search website that allows users to see if their personal information has been compromised. He has also authored several popular security-related courses on Pluralsight, and regularly presents keynotes and workshops on security topics.[5] He created ASafaWeb, a tool that formerly performed automated security analysis on ASP.NET websites.[6]

Data breaches[edit]

As part of his work administering the Have I Been Pwned? (HIBP) website, Hunt has been involved in the publication of 644 data breaches as of 6 January 2023,[7] and journalists cite him as a cybersecurity expert[8][9][10][11][12][13] and data-breach expert.[14][15][16]

As of June 2018 HIBP had recorded more than 5 billion compromised user-accounts. Governments of Australia, United Kingdom[17] and Spain use the service to monitor their official domains.[18] Popular services, such as 1Password,[19] Eve Online, Okta[20] or Kogan have integrated HIBP into their account-verification process.

Gizmodo included HIBP in its October 2018 list of "100 Websites That Shaped the Internet as We Know It".[21]

In August 2015, following the Ashley Madison data breach, Hunt received many emails from Ashley Madison members asking for help. He criticized the company for doing a poor job informing its userbase.[22]

In February 2016 children's toy-maker VTech, who had suffered a major data breach months earlier, updated its terms of service to absolve itself of wrongdoing in the event of future breaches. Hunt, who had added the data from VTech's breach to the databases of Have I Been Pwned?, published a blog post harshly criticizing VTech's new policy, calling it "grossly negligent".[23] He later removed the VTech breach from the database, stating that only two people besides himself had access to the data and wishing to reduce the chance of its spread.[24]

In February 2017 Hunt published details of vulnerabilities in the Internet-connected children's toy, CloudPets, which had allowed access to 820,000 user records as well as 2.2 million audio files belonging to those users.[25][26]

In November 2017 Hunt testified before the United States House Committee on Energy and Commerce about the impact of data breaches.[27]

Also in November 2017 Hunt joined Report URI, a project (launched in 2015 by Scott Helme) which allows real-time monitoring of CSP and HPKP violations on a website. He planned to bring funding and his expertise to the project.[28][29]


Hunt speaking about application security at OWASP's AppSec EU conference in 2015.

Hunt is known for his efforts in security education for computer and IT professionals. He has created several dozen courses on Pluralsight, an online education and training website for computer and creative professionals. He is one of the primary course authors for Pluralsight's Ethical Hacking path, a collection of courses designed for the Certified Ethical Hacker certification.[5][non-primary source needed]

Additionally, Hunt works in education by speaking at technology conferences and running workshops. His primary workshop, titled Hack Yourself First, aims to teach software developers with little security background how to defend their applications by looking at them from an attacker's perspective.[30][31]

Awards and achievements[edit]

  • 2011–present: Microsoft MVP for Developer Security[32]
  • 2016–present: Microsoft Regional Director[33]
  • 2018: AusCERT's Individual Excellence in Information Security award[34]
  • 2018: Grand Prix Prize for the Best Overall Security Blog, The European Security Blogger Award[35]


  1. ^ "Summary of business name details".
  2. ^ "Weekly Update 282". YouTube.
  3. ^ "Weekly Update 269". YouTube.
  4. ^ Troy Hunt [@troyhunt] (21 September 2022). "Absolutely over the moon to formally make @Charlotte_Hunt_ a part of our family ❤️ 💍" (Tweet) – via Twitter.
  5. ^ a b "Troy Hunt - Ethical Hacking Author - Pluralsight". Pluralsight. Retrieved 20 September 2016.
  6. ^ Hunt, Troy (6 November 2018). "It's End of Life for ASafaWeb". Archived from the original on 12 August 2021. Retrieved 11 February 2022.
  7. ^ Hunt, Troy (6 January 2023). "Have I Been Pwned". Have I Been Pwned.
  8. ^ Cox, Joseph (10 March 2016). "The Rise of 'Have I Been Pwned?', an Invaluable Resource in the Hacking Age". Vice. Retrieved 20 October 2021.
  9. ^ "Tool checks phone numbers from Facebook data breach". BBC News Online. 6 April 2021.
  10. ^ "Grindr accounts could be easily hacked with email address". BBC News Online. 5 October 2020.
  11. ^ "Baltimore ransomware attack: NSA faces questions". BBC News Online. 27 May 2019.
  12. ^ Rogers, James (1 March 2017). "Data from internet-connected teddy bears held ransom, security expert says". Fox News.
  13. ^ Arthur, Charles (23 September 2016). "Yahoo hack is a reminder that nothing is safe". CNN.
  14. ^ Lariosa, Saab (8 April 2021). "How to know if you're one of 880,000 Filipinos caught in Facebook's data leak". The Philippine Star.
  15. ^ Bisson, David (28 February 2020). "More Than 140GB of Data Exposed by Israeli Marketing Company". Tripwire.
  16. ^ "Foodora Data Breach Impacts 727,000 Customers Across 14 Countries". CISOMAG. 17 June 2020.
  17. ^ "The Government Uses 'Have I Been Pwned' to Keep Tabs on Data Breaches". Retrieved 1 June 2018.
  18. ^ "Breach Alert Service: UK, Australian Governments Plug In". Retrieved 4 January 2019.
  19. ^ Locklear, Mallory (23 February 2018). "1Password now lets you see if your password has been leaked". Engadget. Retrieved 17 January 2019.
  20. ^ "Okta's PassProtect checks your passwords with 'Have I Been Pwned'". 23 May 2018. Retrieved 1 June 2018.
  21. ^ "100 Websites That Shaped the Internet as We Know It". 19 October 2018. Retrieved 31 October 2018.
  22. ^ Price, Rob (24 August 2015). "Ashley Madison not communicating with customers: Troy Hunt". Business Insider. Retrieved 21 March 2016.
  23. ^ Murdock, Jason (9 February 2016). "VTech hack: Microsoft security researcher Troy Hunt slams 'grossly negligent' security approach". International Business Times. Retrieved 21 March 2016.
  24. ^ Hunt, Troy (8 April 2016). "Have I been pwned, opting out, VTech and general privacy things". Retrieved 28 June 2016.
  25. ^ "Children's messages in CloudPets data breach". BBC News. 28 February 2017. Retrieved 6 August 2017.
  26. ^ Hern, Alex (28 February 2017). "CloudPets stuffed toys leak details of half a million users". The Guardian. ISSN 0261-3077. Retrieved 6 August 2017.
  28. ^ "I'm Joining Report URI!". November 2017. Retrieved 25 July 2018.
  29. ^ "The next steps for Report URI". Retrieved 25 July 2018.
  30. ^ Computerworld staff (5 August 2015). "FREE COURSE: Hack yourself first (before the bad guys do)". Computerworld. IDG Communications. Retrieved 4 April 2018.
  31. ^ Hunt, Troy (29 March 2016). "Troy Hunt: Workshops". Troy Hunt. Retrieved 4 April 2018.
  32. ^ "Troy Hunt". Retrieved 1 June 2018.
  33. ^ "Troy Hunt". Retrieved 1 June 2018.
  34. ^ "AusCERT 2018 - Awards". Archived from the original on 28 January 2021. Retrieved 1 June 2018.
  35. ^ "#Infosec18: European Blogger Awards Winners Announced". 5 June 2018. Retrieved 11 June 2018.

External links[edit]