Whenever a big hack occurs, Troy Hunt is one of the first responders on the scene.
As one of cybersecurity’s biggest public figures, he’s made it his mission to educate the world about data breaches, information security, and computer safety. His website, Have I Been Pwned, has helped millions of people secure their personal information after a hack.
And whether he’s teaching an online class or speaking in front of Congress, when Troy Hunt talks about cybersecurity, the world listens.
Troy Hunt at a Glance
- Australian-born Troy Hunt spent his childhood moving around the world and honing his computer skills.
- At university, he began teaching himself web development after finding out that his school offered no internet-related courses.
- Hunt worked for various web application companies before settling as a developer at Pfizer, where he worked for 14 years.
- Meanwhile, he began speaking at cybersecurity conferences, creating online security courses, and researching data breaches.
- In 2013, Hunt created Have I Been Pwned, a website that allows people to find out when their data has been compromised by a leak.
- The site, along with high-profile breaches of sites like Ashley Madison and LinkedIn, put Hunt under the global spotlight as a cybersecurity guru.
The Life of Troy Hunt
Troy Hunt’s Early Life
Born in Australia in 1976, Troy Hunt’s interest in computers took off in the late ’80s when his family moved from Victoria to the Netherlands.
Though Hunt had been a sports lover who spent his time playing ball with his friends, the move to a colder climate forced him to find more indoor hobbies. The family computer and its assortment of video games drew him in, and he soon became fixated on finding bugs, glitches, and easter eggs within them.
Two years later, the Hunt family moved to Singapore, then home to some of the world’s most advanced consumer tech. Hunt was captivated by the shiny new gadgets and took a part-time tech support job at a satellite engineering company to earn a bit of money and gain more computer skills.
When Hunt was 18, the family moved back to Australia, and Hunt resumed his sporting life. He considered becoming a professional windsurfer or martial artist but decided instead to enroll at Griffith University in Brisbane as a computer science major.
Hunt Forges His Own Path
At college, Hunt encountered the internet for the first time and was immediately transfixed. The potential of the web seemed limitless, and building websites felt like a natural calling for him.
Stay One Step Ahead of Cyber Threats
Before long, Hunt had amassed so many clients that his university work became overwhelming. He switched to part-time study briefly but soon dropped out altogether — academia hadn’t been a good fit for him, and he wasn’t learning what he wanted to learn anyway.
Hunt found work building web systems for a company called Dynamic Programming Solutions, which served various local travel and gambling organizations. In 1999, after two years with Dynamic Programming Solutions, he moved to London to work for Proxicom, one of the world’s leading web development companies.
The new role gave Hunt extensive experience with web application design frameworks like ColdFusion and ASP.NET, through which he learned all the ins and outs of the internet. After a year, though, he returned to Australia and spent a brief period building interactive TV interfaces before settling into a more permanent position with Pfizer.
The Pfizer Years
At Pfizer, Hunt moved from department to department in various development roles for 14 years. The final 7 of those were spent as the head of application architecture for the entire Asia-Pacific region, which gave him ample insight into corporate web systems.
Hunt’s work for Pfizer, as well as his cybersecurity blog and speaking engagements, earned him accolades from companies like Microsoft, which awarded him the title of “Most Valuable Professional” in Developer Technologies in 2011.
But towards the end of his tenure at Pfizer, Hunt began to dread coming to work. Most of his duties involved managing others, but what he really wanted to do was write code.
In his free time, he continued writing his popular blog, which featured posts about application security and data breaches. He also began creating online cybersecurity courses for Pluralsight, including a wildly popular one titled “Hack Yourself First: How to Go on the Cyber-Offense”.
But in between his responsibilities, Hunt dreamed of a new programming project, one that involved lots of data and focused on helping people rather than generating profits.
The Birth of HIBP
In October 2013, the Adobe data breach, which compromised 153 million accounts, made international headlines. Hunt read the news and knew he had his concept: a service that tracked data breaches and informed people when their personal information had been compromised.
He called his new creation “Have I Been Pwned”, or HIBP for short. A user could enter their email address and have the website scan various leaked databases to see if their account was involved, then get email updates whenever a new leak occurred.
HIBP debuted in December 2013, and within weeks it was generating buzz in the media. Hunt made it his mission to add new breaches as soon as possible, a demanding task even without a high-stress corporate job to balance it with.
In April 2015, just as the discontent at work was becoming truly unbearable, Pfizer told Hunt that his position had been made redundant and laid him off.
The job loss came as an odd relief to Hunt, who now felt free to focus on HIBP and other independent projects. And it couldn’t have come at a better time: one of the worst breaches in history was on the horizon.
The Ashley Madison Breach
In July 2015, the dating website Ashley Madison was hacked, and more than 30 million users’ data was leaked. Ashley Madison was primarily used for extramarital affairs, making such data extremely sensitive.
For some, the breach was a matter of life or death: over 1,000 accounts were registered in Saudi Arabia, where adultery is punishable by execution. And as soon as the data was released, trolls began sending death threats and extortion demands to leaked email addresses.
Hunt knew that this breach needed to be handled with care. He didn’t want the Ashley Madison accounts to be publicly searchable on HIBP, so he implemented functionality that emailed victims privately instead.
Despite this, traffic to HIBP skyrocketed. The site, which previously received around 100,000 visits a day, got well over a million hits on day one of the leak — and soon, Hunt saw that server load had increased by a whopping 57,000%.
Hunt’s Profile Grows
The Ashley Madison leak brought ample publicity to HIBP and Hunt himself, who was now spending much of his time giving interviews to major publications about his project.
Seeing how large his platform had grown, Hunt began creating more beginner-oriented courses for Pluralsight. His topics ranged from social engineering to cloud computing to IoT threats, and he became the primary author for the site’s Ethical Hacking certification track.
Meanwhile, he continued updating HIBP with new data breaches, which arrived in a flood in 2016: over 800 million MySpace, LinkedIn, Tumblr, VK, and Fling.com accounts were compromised.
That year, Microsoft named Hunt as the newest Microsoft Regional Director of Security and Cloud Computing, an honorary title considered one of the most prestigious awards in computing.
And in 2017, Hunt’s expertise led him to testify in Congress before the House Committee on Energy and Commerce, giving representatives a crash course on data breaches and online security.
Troy Hunt Today
In 2019, a leak involving over 773 million accounts brought HIBP to the headlines yet again, and the publicity was beginning to wear on Hunt. He briefly sought new ownership for HIBP, though in March 2020, he announced that the site would remain independent.
Five months later, Hunt announced that he was planning to open-source HIBP, allowing other developers to make improvements to it or create their own versions.
Today, Hunt resides on the Gold Coast of Australia with his family. He travels the world giving speeches on cybersecurity and enjoying new outdoor adventures, though he’s always prepared to handle the latest data breach when it inevitably comes around.
Troy Hunt: Pwning the Pwners
So much of cybersecurity is gatekept behind technical jargon, leaving it incomprehensible to the average person caught up in a data breach.
Troy Hunt and Have I Been Pwned bridge that gap, making it quick and easy for anyone to find out if they’ve been compromised — and empowering them to do something about it.
The Internet of Pwned Things – Troy Hunt (Video)
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional