UK and Australia are monitoring their domains with Have I Been Pwned
A lot of people have used Troy Hunt’s Have I Been Pwned to see if their email addresses are attached to any services that have experienced data breaches. Large organizations can also use it to search their domain names as a group and now, the service counts the UK and Australian governments among them.
As Hunt explained in a blog post: “Amongst those verified domain searches are government departments and they too are enormously varied; local councils, legal and health services, telecoms and infrastructure etc…The thing is, loads of government departments within different countries have all been running these searches independently and that means an awful lot of duplication of effort has been going on.”
So, to make things more efficient, he’s set up the service to allow the UK’s National Cyber Security Centre and the Australian Cyber Security Centre to be able to search for any .gov.uk or .gov.au domain, respectively. This way, the governments can search all government-associated domains all at one time rather than each individual department having to do it separately themselves.
Regarding why he’s providing the service for free, Hunt said “We really want governments to do their best to protect the folks working in their departments; many of them are working in capacities that help protect our respective nations from all sorts of threats and increasingly, as we all know, that means online threats as well.”
Hunt’s tools are incredibly popular. Recently, Hunt’s leaked password search service Pwned Passwords was incorporated into 1Password, making it easy for 1Password subscribers to check if their passwords have been exposed in any number of data breaches. Others who have implemented the new version of Pwned Passwords include Cloudflare, Nextcloud, Azure Functions and Iowa State University.
Source: Troy Hunt