by Thorentis 2304 days ago
Sorry but, how is Have I Been Pwned anything but a text search of data that is already publicly available?

Normally a company is valuable because of some kind of value add. Either they generate data nobody else can, or they do something with that data nobody else can. HIBP does neither of those things. It literally searches one column of a database, and tells you if there was a match. You could run HIBP using a total of 1 SQL query, with a fancy template in front. It's essentially just a hobby project of a software dev. who wants something to do on the side. It is infinitely more valuable to Troy as a resume booster than to any company.

3 comments

I reckon HIBP adds at least (far more, tbh) as much value over 'text search of data that is already available' as Dropbox does over 'FTP dump'.

> Sorry but, how is Have I Been Pwned anything but a text search of data that is already publicly available?

To be fair, Google is also a (very glorified) text search of publicly available data when you get right down to it. Value is a combination of how useful you are to other people and how popular you are with other people, not how technically complicated you are. HIBP is both useful and popular - hence it's valuable.

From the article:

"Anyone can cobble together a website with some APIs and load in a ton of data breaches, but establishing trust is a whole different story. Trust in the way I run the service is an absolutely pivotal part of HIBP and it's something I built organically rather than setting out to earn it, now here I was with big companies putting a value on it."

Yeah, so it's nothing but branding. There is nothing about this site that requires trust, since the data is already available. HIBP got popular on Twitter / the internet and is now a well known name in cyber.

Well, to be pedantic, it's not just a simple SQL query, it's also a percolation query server and notification system.

It's like saying that Pingdom is nothing more than a cron job.

The reason that trust is important could be to do with verifying breaches.

In some of his articles discussing various breaches, he mentions reaching out to selected (potential) victims to verify some of the details.

Doing that does require a fair amount of trust by various victims of the people asking to verify.

If I was randomly contacted to verify some details in a breach, I'd be skeptical it was a phishing scheme.

If I was randomly contacted by Troy Hunt / HIBP - then I'd look at it much more seriously.