Troy Hunt


Troy Hunt is an Australian web security expert known for public education and outreach on security topics. He created Have I Been Pwned?, a data breach search website that allows non-technical users to see if their personal information has been compromised. He has also authored several popular security-related courses on Pluralsight, and regularly presents keynotes and workshops on security topics. He also is the creator of ASafaWeb, a tool that performs automated security analysis on ASP.NET websites. Starting in 2011, Hunt was named a Microsoft Most Valuable Professional in Developer Security, and was recognized as a Microsoft MVP of the Year in 2011. He was also named a Microsoft Regional Director in 2016.

Data breaches

As part of his work administering the Have I Been Pwned? website, Hunt is frequently involved in the publication of data breaches, and journalists often cite him as a data-breach expert.
HIBP had recorded more than 5 billion compromised user-accounts. Governments of Australia, United Kingdom and Spain use the service to monitor their official domains. Popular services, such as 1Password, Eve Online, Okta or Kogan have integrated HIBP into their account-verification process.
Gizmodo included HIBP in its October 2018 list of "100 Websites That Shaped the Internet as We Know It".
In August 2015, following the Ashley Madison data breach, Hunt received many emails from Ashley Madison members asking for help. He criticized the company for doing a poor job informing its userbase.
In February 2016 children's toy-maker VTech, who had suffered a major data breach months earlier, updated its terms of service to absolve itself of wrongdoing in the event of future breaches. Hunt, who had added the data from VTech's breach to the databases of Have I Been Pwned?, published a blog post harshly criticizing VTech's new policy, calling it "grossly negligent". He later removed the VTech breach from the database, stating that only two people besides himself had access to the data and wishing to reduce the chance of its spread.
In February 2017 Hunt published details of vulnerabilities in the Internet-connected children's toy, CloudPets, which had allowed access to 820,000 user records as well as 2.2 million audio files belonging to those users.
In November 2017 Hunt testified before the United States House Committee on Energy and Commerce about the impact of data breaches.
Also in November 2017 Hunt joined Report URI, a project which allows real-time monitoring of CSP and HPKP violations on a website. He planned to bring funding and his expertise to the project.

Education

Hunt is known for his efforts in security education for computer and IT professionals. He has created several dozen courses on Pluralsight, an online education and training website for computer and creative professionals. He is one of the primary course authors for Pluralsight's Ethical Hacking path, a collection of courses designed for the Certified Ethical Hacker certification.
Additionally, Hunt works in education by speaking at technology conferences and running workshops. His primary workshop, titled Hack Yourself First, aims to teach software developers with little security background how to defend their applications by looking at them from an attacker's perspective.

Awards and achievements