The FBI works with Have I Been Pwned and gives him the security codes he holds on the bases data of and which have been leaked. Also the HIBP control service is becoming open source.
Have I Been Pwned (HIBP), a website created and maintained by security researcher Troy Hunt, is one of top destinations to find out if your email or password was part of a data breach.
Hunt, who is also Microsoft's regional security director, announced last night that makes the site open source so that other developers can contribute to the project and make it easier to find your compromised credentials. For the record, had announced his intention to sell it or make it available to other services.
As a first step, the Hunt Foundation and .NET are making the password module open source. The whole structure will not be done but only the password module. This page that essentially allows you to check if any of your passwords were part of a data leak.
In addition, HIBP is working with the FBI, which will help strengthen the database with its own set of compromised codes.
The FBI will share the passwords as hash pairs SHA-1 and NTLM, which can then be searched for using the service or obtained as part of the Pwned Password list.
Pwned's password module allows users to download compromised passwords as SHA-1 or NTLM password lists, which can be used outside connections by Windows administrators to check if they are used on their network.
Earlier this week, Hunt noted that the HIBP website is approaching 1 billion monthly requests for password and email identity leaks.