Troy Hunt

{{short description|Australian web security expert}}

{{Use Australian English|date=January 2017}}

{{Use dmy dates|date=December 2017}}

{{Infobox person

| name = Troy Hunt

| image = Troy Hunt LM-0059 (cropped).jpg

| landscape = yes

| alt =

| caption = Hunt in 2021

| birth_name = Troy Adam Hunt{{cite web |title=Summary of business name details |url=https://www.troyhunt.com/content/images/2016/12/Business-name-registered-under-my-name.png |website=troyhunt.com}}

| birth_date = {{birth year and age|1976}}{{cite web | title=Weekly Update 282|website=YouTube|url=https://www.youtube.com/watch?t=1722&v=0VwrYiVWR64&feature=youtu.be}}

| nationality = Australian

| agent =

| known_for = Have I Been Pwned?

| notable_works =

| height = 196 cm{{cite web | title=Weekly Update 269|website = YouTube|url=https://www.youtube.com/watch?t=537&v=NDkqZFcBwY4&feature=youtu.be }}

| spouse = {{plainlist|

  • {{marriage|Kylie Bragg|2006|2020|reason=div}}
  • {{marriage|Charlotte Hunt|2022}}{{Cite tweet|number=1572685412807888897|user=troyhunt|title=Absolutely over the moon to formally make @Charlotte_Hunt_ a part of our family ❤️ 💍|author=Troy Hunt}}

}}

| children =

| awards = See Awards and achievements

| website = {{URL|https://www.troyhunt.com}}

| footnotes =

}}

Troy Adam Hunt is an Australian web security consultant known for public education and outreach on security topics. He created and operates Have I Been Pwned?, a data breach search website that allows users to see if their personal information has been compromised. He has also authored several popular security-related courses on Pluralsight, and regularly presents keynotes and workshops on security topics. He created ASafaWeb, a tool that formerly performed automated security analysis on ASP.NET websites.{{cite web |last1=Hunt |first1=Troy |title=It's End of Life for ASafaWeb |date=6 November 2018 |url=https://www.troyhunt.com/its-end-of-life-for-asafaweb/ |access-date=11 February 2022 |archive-url=https://web.archive.org/web/20210812023524/https://www.troyhunt.com/its-end-of-life-for-asafaweb/ |archive-date=12 August 2021}}

Data breaches

As part of his work administering the Have I Been Pwned? (HIBP) website, Hunt has been involved in the publication of 644 data breaches {{As of|lc=y|2023|January|6}},{{cite web|url=https://haveibeenpwned.com/|title=Have I Been Pwned|last=Hunt|first=Troy|date=6 January 2023|website=Have I Been Pwned}} and journalists cite him as a cybersecurity expert{{cite web|url=https://motherboard.vice.com/read/the-rise-of-have-i-been-pwned-an-invaluable-resource-in-the-hacking-age-troy-hunt|title=The Rise of 'Have I Been Pwned?', an Invaluable Resource in the Hacking Age|last=Cox|first=Joseph|date=10 March 2016|work=Vice|accessdate=20 October 2021}}{{cite web|url=https://www.bbc.co.uk/news/technology-56650387|title=Tool checks phone numbers from Facebook data breach|date=6 April 2021|website=BBC News Online}}{{cite web|url=https://www.bbc.co.uk/news/technology-54418933|title=Grindr accounts could be easily hacked with email address|date=5 October 2020|website=BBC News Online}}{{cite web|url=https://www.bbc.co.uk/news/technology-48423954|title=Baltimore ransomware attack: NSA faces questions|date=27 May 2019|website=BBC News Online}}{{cite web|url=https://www.foxnews.com/tech/data-from-internet-connected-teddy-bears-held-ransom-security-expert-says|title=Data from internet-connected teddy bears held ransom, security expert says|last=Rogers|first=James|date=1 March 2017|website=Fox News}}{{cite web|url=https://edition.cnn.com/2016/09/23/opinions/yahoo-hack-nothing-is-safe-arthur-opinion/index.html|title=Yahoo hack is a reminder that nothing is safe|last=Arthur|first=Charles|date=23 September 2016|website=CNN}} and data-breach expert.{{cite web|url=https://philstarlife.com/geeky/503212-diving-into-the-hobby-of-collecting-kpop-photocards|title=How to know if you're one of 880,000 Filipinos caught in Facebook's data leak|last=Lariosa|first=Saab|date=8 April 2021|website=The Philippine Star}}{{cite web|url=https://www.tripwire.com/state-of-security/security-data-protection/more-than-140gb-of-data-exposed-by-israeli-marketing-company/|title=More Than 140GB of Data Exposed by Israeli Marketing Company|last=Bisson|first=David|date=28 February 2020|website=Tripwire}}{{cite web|url=https://cisomag.eccouncil.org/foodora-data-breach/|title=Foodora Data Breach Impacts 727,000 Customers Across 14 Countries|date=17 June 2020|website=CISOMAG}}

{{As of|2018|June}}, HIBP had recorded more than 5 billion compromised user accounts. The governments of Australia, the United Kingdom{{cite web|url=http://www.gizmodo.co.uk/2018/03/the-government-uses-have-i-been-pwned-to-keep-tabs-on-data-breaches/|title=The Government Uses 'Have I Been Pwned' to Keep Tabs on Data Breaches|accessdate=1 June 2018}} and Spain use the service to monitor their official domains.{{Cite web|url= https://www.bankinfosecurity.com/breach-alert-service-uk-australian-governments-plug-in-a-10693|title= Breach Alert Service: UK, Australian Governments Plug In|website= www.bankinfosecurity.com|language= en|access-date= 2019-01-04}} Popular services, such as 1Password,{{cite web|url=https://www.engadget.com/2018/02/23/1password-check-password-leaked/|title= 1Password now lets you see if your password has been leaked|date= 23 February 2018|first=Mallory|last= Locklear|publisher=Engadget|accessdate=17 January 2019}} Eve Online, Okta{{cite web|url=https://techcrunch.com/2018/05/23/oktas-passprotect-checks-your-passwords-with-have-i-been-pwned/|title=Okta's PassProtect checks your passwords with 'Have I Been Pwned'|date=23 May 2018 |accessdate=1 June 2018}} and Kogan, have integrated HIBP into their account-verification process.

Gizmodo included HIBP in its October 2018 list of "100 Websites That Shaped the Internet as We Know It".{{cite web|url= https://gizmodo.com/100-websites-that-shaped-the-internet-as-we-know-it-1829634771|title= 100 Websites That Shaped the Internet as We Know It|date= 19 October 2018|accessdate=31 October 2018}}

In August 2015, following the Ashley Madison data breach, Hunt received many emails from Ashley Madison members asking for help. He criticized the company for doing a poor job informing its userbase.

In February 2016 children's toy-maker VTech, which had suffered a major data breach months earlier, updated its terms of service to absolve itself of wrongdoing in the event of future breaches. Hunt, who had added the data from VTech's breach to the databases of Have I Been Pwned?, published a blog post harshly criticizing VTech's new policy, calling it "grossly negligent". He later removed the VTech breach from the database, stating that only two people besides himself had access to the data and wishing to reduce the chance of its spread.{{cite web|last1= Hunt|first1=Troy|title=Have I been pwned, opting out, VTech and general privacy things|url=https://www.troyhunt.com/have-i-been-pwned-opting-out-vtech-and/|accessdate=28 June 2016|date=8 April 2016}}

In February 2017 Hunt published details of vulnerabilities in the Internet-connected children's toy, CloudPets, which had allowed access to 820,000 user records as well as 2.2 million audio files belonging to those users.{{Cite news|url= https://www.bbc.co.uk/news/technology-39115001|title= Children's messages in CloudPets data breach|date= 28 February 2017|work= BBC News|access-date=6 August 2017|language=en-GB}}{{Cite news|url= https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults|title= CloudPets stuffed toys leak details of half a million users|last= Hern|first= Alex|date= 28 February 2017|work=The Guardian|access-date=6 August 2017|language=en-GB|issn=0261-3077}}

In November 2017 Hunt testified before the United States House Committee on Energy and Commerce about the impact of data breaches.{{cite web|url= https://energycommerce.house.gov/hearings/identity-verification-post-breach-world/|title=IDENTITY VERIFICATION IN A POST-BREACH WORLD|accessdate= 1 June 2018}}

Also in November 2017 Hunt joined Report URI, a project (launched in 2015 by Scott Helme) which allows real-time monitoring of CSP and HPKP violations on a website. He planned to bring funding and his expertise to the project.{{cite web|url= https://www.troyhunt.com/im-joining-report-uri/|title= I'm Joining Report URI!|date= November 2017|accessdate= 25 July 2018}}{{cite web|url= https://scotthelme.co.uk/the-next-steps-for-report-uri-io/|title=The next steps for Report URI|accessdate= 25 July 2018}}

Education

Hunt is known for his efforts in security education for computer and IT professionals. He has created several dozen courses on Pluralsight, an online education and training website for computer and creative professionals. He is one of the primary course authors for Pluralsight's Ethical Hacking path, a collection of courses designed for the Certified Ethical Hacker certification.{{cite web|url=https://www.pluralsight.com/authors/troy-hunt|title=Troy Hunt - Ethical Hacking Author - Pluralsight|publisher=Pluralsight|accessdate=20 September 2016}}{{Primary source inline|date=April 2023}}

Additionally, Hunt works in education by speaking at technology conferences and running workshops. His primary workshop, titled Hack Yourself First, aims to teach software developers with little security background how to defend their applications by looking at them from an attacker's perspective.{{cite web|url=https://www.computerworld.com/article/2955669/security/free-course-hack-yourself-first-before-the-bad-guys-do.html|title=FREE COURSE: Hack yourself first (before the bad guys do)|author=Computerworld staff|date=5 August 2015|work=Computerworld|publisher=IDG Communications|accessdate=4 April 2018}}{{cite web|url=https://www.troyhunt.com/workshops/|title=Troy Hunt: Workshops|last=Hunt|first=Troy|work=Troy Hunt|date=29 March 2016|accessdate=4 April 2018}}

Personal data breach

On 24 March 2025, Hunt was targeted via a simple phishing campaign that hijacked his Mailchimp credentials. Over 16,000 email addresses were stolen, including data associated with the email addresses, such as geolocation and IP addresses. Hunt discovered that his credentials were stolen after Mailchimp restricted his account due to reports of spam. Hunt wrote on his website that "Tiredness, was a major factor. I wasn't alert enough, and I didn't properly think through what I was doing".{{Cite web |date=2025-03-25 |title=A Sneaky Phish Just Grabbed my Mailchimp Mailing List |url=https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/ |access-date=2025-03-26 |website=Troy Hunt |language=en}}{{Cite web |last=Lawler |first=Richard |date=2025-03-26 |title=Everyone gets pwned eventually. |url=https://www.theverge.com/news/637003/everyone-gets-pwned-eventually |access-date=2025-04-15 |website=The Verge |language=en-US}}{{Cite news |last=Jones |first=Connor |date=2025-03-25 |title=Infosec pro Troy Hunt HasBeenPwned in Mailchimp phish |url=https://www.theregister.com/2025/03/25/troy_hunt_mailchimp_phish/ |url-status=live |archive-url=http://web.archive.org/web/20250330213822/https://www.theregister.com/2025/03/25/troy_hunt_mailchimp_phish/ |archive-date=2025-03-30 |access-date=2025-04-15 |work=The Register |language=en}}

Awards and achievements

  • 2011–present: Microsoft MVP for Developer Security{{cite web|url=https://mvp.microsoft.com/en-us/PublicProfile/4031649?fullName=Troy%20Hunt|title=Troy Hunt|accessdate=1 June 2018}}
  • 2016–present: Microsoft Regional Director{{cite web|url=https://rd.microsoft.com/en-us/troy-hunt|title=Troy Hunt|accessdate=1 June 2018}}
  • 2018: AusCERT's Individual Excellence in Information Security award{{cite web|url=https://www.cso.com.au/article/641857/auscert-2018-awards/|title=AusCERT 2018 - Awards|accessdate=1 June 2018|archive-date=28 January 2021|archive-url=https://web.archive.org/web/20210128073600/https://www2.cso.com.au/article/641857/auscert-2018-awards/|url-status=dead}}
  • 2018: Grand Prix Prize for the Best Overall Security Blog, The European Security Blogger Award{{cite web|url=https://www.infosecurity-magazine.com/news/infosec18-european-blogger-winners/|title=#Infosec18: European Blogger Awards Winners Announced|date=5 June 2018|accessdate=11 June 2018}}

References

{{reflist|refs=

{{cite web|url=http://www.ibtimes.co.uk/vtech-hack-microsoft-security-researcher-troy-hunt-slams-grossly-negligent-security-approach-1542820|title=VTech hack: Microsoft security researcher Troy Hunt slams 'grossly negligent' security approach|last=Murdock|first=Jason|date=9 February 2016|work=International Business Times|accessdate=21 March 2016}}

{{cite web|url=http://www.businessinsider.com/ashley-madison-not-communicating-with-customers-troy-hunt-2015-8?r=UK&IR=T|title=Ashley Madison not communicating with customers: Troy Hunt|last=Price|first=Rob|date=24 August 2015|work=Business Insider|accessdate=21 March 2016}}

}}