Troy Adam Hunt is an Australian web security consultant known for public education and outreach on security topics. He created and operates Have I Been Pwned?, a data breach search website that allows users to see if their personal information has been compromised. He has also authored several popular security-related courses on Pluralsight, and regularly presents keynotes and workshops on security topics.
He created ASafaWeb, a tool that formerly performed automated security analysis on ASP.NET websites.
Data breaches
As part of his work administering the Have I Been Pwned? (HIBP) website, Hunt has been involved in the publication of 644 data breaches, and journalists cite him as a cybersecurity expert and data-breach expert.
HIBP had recorded more than 5 billion compromised user accounts. The governments of Australia, the United Kingdom and Spain use the service to monitor their official domains. Popular services, such as 1Password, Eve Online, Okta and Kogan, have integrated HIBP into their account-verification process.
Gizmodo included HIBP in its October 2018 list of "100 Websites That Shaped the Internet as We Know It".
In August 2015, following the Ashley Madison data breach, Hunt received many emails from Ashley Madison members asking for help. He criticized the company for doing a poor job informing its userbase.
In February 2016 children's toy-maker VTech, which had suffered a major data breach months earlier, updated its terms of service to absolve itself of wrongdoing in the event of future breaches. Hunt, who had added the data from VTech's breach to the databases of Have I Been Pwned?, published a blog post harshly criticizing VTech's new policy, calling it "grossly negligent".
He later removed the VTech breach from the database, stating that only two people besides himself had access to the data and wishing to reduce the chance of its spread.
In February 2017 Hunt published details of vulnerabilities in the Internet-connected children's toy, CloudPets, which had allowed access to 820,000 user records as well as 2.2 million audio files belonging to those users.
In November 2017 Hunt testified before the United States House Committee on Energy and Commerce about the impact of data breaches.
Also in November 2017 Hunt joined Report URI, a project (launched in 2015 by Scott Helme) which allows real-time monitoring of CSP and HPKP violations on a website. He planned to bring funding and his expertise to the project.
Personal data breach
On 24 March 2025, Hunt was targeted via a simple phishing campaign that hijacked his Mailchimp credentials. Over 16,000 email addresses were stolen, including data associated with the email addresses, such as geolocation and IP addresses. Hunt discovered that his credentials were stolen after clicking on the phishing email, which falsely stated that his account was restricted due to reports of spam and that he was required to log in to review the details. Hunt wrote on his website that "Tiredness, was a major factor. I wasn't alert enough, and I didn't properly think through what I was doing".
Education
Hunt is known for his efforts in security education for computer and IT professionals. He has created several dozen courses on Pluralsight, an online education and training website for computer and creative professionals. He is one of the primary course authors for Pluralsight's Ethical Hacking path, a collection of courses designed for the Certified Ethical Hacker certification.
Additionally, Hunt works in education by speaking at technology conferences and running workshops. His primary workshop, titled Hack Yourself First, aims to teach software developers with little security background how to defend their applications by looking at them from an attacker's perspective.
Awards and achievements
* 2011–present: Microsoft MVP for Developer Security
* 2016–present: Microsoft Regional Director
* 2018: AusCERT's Individual Excellence in Information Security award
* 2018: Grand Prix Prize for the Best Overall Security Blog, The European Security Blogger Award