Meet the Man Trying to Stem the Tide of Online Identity Theft

Fagjun | Published 2017-12-09 16:33

Data breaches and identity theft are becoming all too common, but most of us don’t know how to deal with it. Luckily, Troy Hunt is there to help.

data breach and theft

Image via Getty Images



Have you ever been “pwned”? The word “pwned”, which is a deliberate misspelling of “owned”, has been part of gamer jargon for quite a while now. If you’ve been pwned, that means you’ve been defeated, crushed, ground to the dirt. It’s the kind of feeling of loss that victims of identity theft and data breaches have no doubt felt. After all, how do you fight against an enemy that you can’t even see?


It seems that data breaches, big or small or massive, are becoming part of the “new normal”. They shouldn’t be. There has already been so much personal information publicly exposed online, either through data theft or voluntary social media posts. Security researcher Troy Hunt has thus taken it upon himself to help ordinary people that have had their personal data exposed and exploited by hackers.

Getting Pwned

Troy Hunt giving his testimony at Congress [Photo by Carolyn Kaster, AP]

Troy Hunt giving his testimony at Congress [Photo by Carolyn Kaster, AP]



Hunt set up his website, with the catchy name of “Have I Been Pwned?”, back in 2013. The site offers a free service that people can use to figure out of their personal data have been exposed or leaked. All you need to do is input is your email address, and the website can work to find out if you’ve been pwned in one way or another. If you haven’t, a message appears on the screen telling you the good news. You can also choose to ask the site for a notification if ever your email does come up in data breaches.


The site isn’t the only thing that Hunt has busied himself with. He has also closely studied the nature of data breaches, as well as the things that make companies vulnerable to attacks. His work has been so thorough that in some instances, he’s managed to identify data thefts even before the victimized company has realized what has happened.


"Data breaches are another commodity, like heroin," Hunt said in his testimony before the House Energy and Commerce Committee. He had appeared in Congress to aid lawmakers in dealing with massive data thefts, like the theft of the sensitive information of hundreds of millions of people tied to the credit bureau Equifax.

Knowledge as Defense

identity theft

Image vua Shutterstock



When Hunt launched “Have I Been Pwned?”, he was working as a software architect at Pfizer. Later on, he began working as an information security consultant. Hunt originally launched his site "as a bit of a curiosity," he said. In analyzing information on data breaches around the internet, he realized that a lot of people were turning up in the numerous known data breaches. "It struck me that this was something they probably didn't know," Hunt explained.


He then launched the site so people can find out if they’ve been effectively pwned. Though the site by itself can’t really do much by way of preventing data theft, it can bring data thefts to people’s attention. That way, they can take necessary steps to somehow plug the leak or do some damage control.

Hey! Where are you going?? Subscribe!

Get weekly science updates in your inbox!