Troy Hunt
Troy Adam Hunt is an Australian web security consultant known for public education and outreach on security topics. He created Have I Been Pwned?, a data breach search website that allows users to see if their personal information has been compromised. He has also authored several popular security-related courses on Pluralsight, and regularly presents keynotes and workshops on security topics. He created ASafaWeb, a tool that formerly performed automated security analysis on ASP.NET websites.


Data breaches

As part of his work administering the Have I Been Pwned? (HIBP) website, Hunt has been involved in the publication of 644 data breaches, and journalists cite him as a cybersecurity expert and data-breach expert. HIBP had recorded more than 5 billion compromised user accounts. The governments of Australia, the United Kingdom and Spain use the service to monitor their official domains. Popular services, such as 1Password, Eve Online, Okta or Kogan, have integrated HIBP into their account-verification process. Gizmodo included HIBP in its October 2018 list of "100 Websites That Shaped the Internet as We Know It".

In August 2015, following the Ashley Madison data breach, Hunt received many emails from Ashley Madison members asking for help. He criticized the company for doing a poor job informing its userbase.

In February 2016 children's toy-maker VTech, which had suffered a major data breach months earlier, updated its terms of service to absolve itself of wrongdoing in the event of future breaches. Hunt, who had added the data from VTech's breach to the databases of Have I Been Pwned?, published a blog post harshly criticizing VTech's new policy, calling it "grossly negligent". He later removed the VTech breach from the database, stating that only two people besides himself had access to the data and wishing to reduce the chance of its spread.

In February 2017 Hunt published details of vulnerabilities in the Internet-connected children's toy CloudPets, which had allowed access to 820,000 user records as well as 2.2 million audio files belonging to those users.

In November 2017 Hunt testified before the United States House Committee on Energy and Commerce about the impact of data breaches. Also in November 2017 Hunt joined Report URI, a project (launched in 2015 by Scott Helme) which allows real-time monitoring of CSP and HPKP violations on a website. He planned to bring funding and his expertise to the project.


Education

Hunt is known for his efforts in security education for computer and IT professionals. He has created several dozen courses on Pluralsight, an online education and training website for computer and creative professionals. He is one of the primary course authors for Pluralsight's Ethical Hacking path, a collection of courses designed for the Certified Ethical Hacker certification. Additionally, Hunt works in education by speaking at technology conferences and running workshops. His primary workshop, titled Hack Yourself First, aims to teach software developers with little security background how to defend their applications by looking at them from an attacker's perspective.


Awards and achievements

* 2011–present: Microsoft MVP for Developer Security.
* 2016–present: Microsoft Regional Director.
* 2018: AusCERT's Individual Excellence in Information Security award.
* 2018: Grand Prix Prize for the Best Overall Security Blog, The European Security Blogger Award.

