Have I Been Pwned enlists KPMG to find a buyer

The website has a solid reputation for its efforts to improve consumer cybersecurity — and it also serves 3 million people with breach notifications.

As the mergers and acquisitions activity in the cybersecurity industry continues at a feverish pace, one of its more consumer-friendly brands — the breach-notification database Have I Been Pwned — is hoping for a new home.

Have I Been Pwned, a website where visitors can check if their email address has been compromised, is exploring a sale, founder Troy Hunt revealed in a blog post Tuesday. Since its debut in 2013 the site has won praise as a uniquely free and user-friendly way for individuals to get information about incidents. Nearly 3 million people have subscribed to its breach notifications, and 120,000 individuals use it to monitor web domains.

Now, Hunt says he will be working with the mergers and acquisitions team at the professional service firm KPMG to search for a potential buyer. He’s calling the process Project Svalbard — an allusion to a massive bank of plant seeds in Norway.

“[I]’m already starting to see a pattern emerge around better managing the entire data breach ecosystem,” he wrote. “Imagine a future where I’m able to source and process much more data, proactively reach out to impacted organisations, guide them through the process of handling the incident, ensure impacted individuals like you and me better understand our exposure (and what to do about it) and ultimately, reduce the impact of data breaches on organisations and consumers alike.”


Hunt did not mention any of the organizations with which he’s spoken about a possible deal, and kept quiet about the financial terms he might be considering. But he explains he intends to remain involved with Have I Been Pwned, to keep consumer searches freely available and aim for a much larger audience of people.

Have I Been Pwned was in the news Monday, when the site helped announce that 1.1 million user accounts from the gaming website Emuparadise had been compromised. Mozilla’s Firefox added a function last year that allowed users to learn about data breaches via a tool based on the Have I Been Pwned database.

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts