Troy Hunt is turning Have I Been Pwned into an essential pwning monitoring service. The service monitors security breaches and password leaks so that you and your users remain secure. And now, the U.K. and Australian governments are monitoring their own domain names using the service.
Most people are familiar with the consumer-facing version of Have I Been Pwned. You go on Have I Been Pwned’s website and enter your email address. It shows you a list of services that you use and that have been hacked.
Many of those password databases leak in the wild, so the service checks your email addresses against those databases to show you how you’ve been exposed. And if you’ve been using Dropbox, LinkedIn, Tumblr or Adobe services, chances are you’ve been pwned.
That’s why you should be using a different password on each online service. This way, if your password leaks, nobody can use it to connect to another service. Everything is sandboxed; you can just change the password on the hacked service.
And because nothing is secure anymore, you should activate two-factor authentication wherever you can. A password simply doesn’t cut it anymore.
Have I Been Pwned also lets you monitor all email addresses ending with the same domain name. For instance, if you run a company, you can monitor all the email addresses that end with @myawesomecompany.com to see if any of your employees have been affected by a security breach.
This information is particularly important if, for instance, you have a sensitive job for the government. If you work for the British Home Office and use your @homeoffice.gsi.gov.uk email address to back something on Kickstarter, your Kickstarter password is now out there.
A hacker could try to re-use this password on your email address, send emails to other government members to ask for classified documents, etc.
Anyone can monitor a domain name by proving that they actually own it (otherwise it would be a potential security breach). Hunt is now working with governments to make it easier to monitor all government domain names for free.
So the National Cyber Security Centre (NCSC) can now query all .gov.uk domain names, and the Australian Cyber Security Centre (ACSC) can query all .gov.au domain names. Pretty neat.