The report covers detailed competitive outlook including the market share and company profiles of the key participants operating in the global market. Key players profiled in the report include Akamai Technologies, Inc. (U.S.), F5 Networks (U.S.), Imperva, Inc. (U.S.), Arbor Networks, Inc. (U.S.), Radware, Ltd. (Israel), Corero Network Security, Inc. (U.S.), Neustar, Inc. (U.S.), Cloudflare, Inc. (U.S.), Nexusguard, Ltd. (U.S.), and DOSarrest Internet Security, Ltd. (Canada), service providers, and system integrators. Company profile includes assign such as company summary, financial summary, business strategy and planning, SWOT analysis and current developments.

The DDoS Protection Market is expected to exceed more than US$ 3 billion by 2024 at a CAGR of 21% in the given forecast period.

FYI, you will get latest updated report as per the COVID-19 Impact on this industry. Our updated reports will now feature detailed analysis that will help you make critical decisions.

Browse Full Report: https://www.marketresearchengine.com/ddos-protection-market

The DDoS Protection Market is segmented on the lines of its component, application area, deployment mode, organization size, vertical and regional. Based on component segmentation it covers solution, service, professional service, design and implementation, consulting services, training and education, support and maintenance, managed service. Based on application area segmentation it covers network, application, database, endpoint. Based on deployment mode segmentation it covers on-premises, cloud, hybrid. Based on organization size segmentation it covers small and medium enterprises (SMEs), large enterprises. Based on vertical segmentation it covers government and defense, banking, financial services, and insurance (BFSI), manufacturing, energy and utilities, it and telecom, healthcare, education, retail, others. The DDoS Protection Market on geographic segmentation covers various regions such as North America, Europe, Asia Pacific, Latin America, Middle East and Africa. Each geographic market is further segmented to provide market revenue for select countries such as the U.S., Canada, U.K. Germany, China, Japan, India, Brazil, and GCC countries.

A DDoS (Distributed Denial of Service) attack is an effort to exhaust the assets available to a network, application or service so that genuine users cannot gain access. DDoS attacks are a constant danger to businesses and organizations by threatening facility performance or to closed a website entirely, even for a short time. Unmistakably extra arrangements are expected to supplement existing security foundation in a layered resistance display.

The scope of the report includes a detailed study of global and regional markets on DDoS Protection Market with the reasons given for variations in the growth of the industry in certain regions.

This report provides:

1) An overview of the global market for DDoS Protection Market and related technologies.2) Analyses of global market trends, with data from 2015, estimates for 2016 and 2017, and projections of compound annual growth rates (CAGRs) through 2024.3) Identifications of new market opportunities and targeted promotional plans for DDoS Protection Market.4) Discussion of research and development, and the demand for new products and new applications.5) Comprehensive company profiles of major players in the industry.

The major driving factors of DDoS Protection Market are as follows:

The restraining factors of DDoS Protection Market are as follows:

The DDoS Protection Market has been segmented as below:

The DDoS Protection Market is Segmented on the lines of Vertical Analysis, Component Analysis, Application Area Analysis, Deployment Mode Analysis, Organization Size Analysis and Regional Analysis. By Vertical Analysis this market is segmented on the basis of Government and Defense, Banking, Financial Services, and Insurance (BFSI), Manufacturing, Energy and Utilities, IT and Telecom, Healthcare, Education and Retail. By Component Analysis this market is segmented on the basis of Solution, Service, Professional service, Design and implementation, Consulting services, Training and education, Support and maintenance and Managed service. By Application Area Analysis this market is segmented on the basis of Network, Application, Database and Endpoint.

By Deployment Mode Analysis this market is segmented on the basis of On-Premises, Cloud and Hybrid. By Organization Size Analysis this market is segmented on the basis of Small and Medium Enterprises (SMEs) and Large Enterprises. By Regional Analysis this market is segmented on the basis of North America, Europe, Asia-Pacific and Rest of the World.

Request Sample Report from here: https://www.marketresearchengine.com/ddos-protection-market

Table of Contents:

1 Introduction2 Research Methodology

2.1 Research Data2.1.1 Secondary Data2.1.1.1 Key Data From Secondary Sources2.1.2 Primary Data2.1.2.1 Key Data From Primary Sources2.1.2.2 Key Industry Insights2.1.2.3 Breakdown of Primary Interviews2.2 Market Size Estimation2.2.1 Bottom-Up Approach2.2.2 Top-Down Approach2.3 Market Breakdown and Data Triangulation2.4 Research Assumptions

3 Executive Summary

4 Premium Insights5 Market Overview

6 Industry Trends7 DDoS Protection Market Analysis, By Component8 DDoS Protection Market Analysis, By Application Area9 DDoS Protection Market Analysis, By Deployment Mode10 DDoS Protection Market Analysis, By Organization Size11 DDoS Protection Market Analysis, By Vertical12 DDoS Protection Market Analysis, By Region13 Competitive Landscape14 Company Profiles14.1 Introduction14.2 Arbor Networks, Inc.14.3 Akamai Technologies, Inc.14.4 F5 Networks, Inc.14.5 Imperva14.6 Radware Ltd.14.7 Corero Network Security, Inc.14.8 Neustar, Inc.14.9 Cloudflare, Inc.14.10 Nexusguard Ltd14.11 Dosarrest Internet Security Ltd

Other Related Market Research Reports:

Data Protection Market is Forecast to Cross US$ 120 Billion By 2023

Electrical SCADA Market is Expected to Cross US$ 4 Billion By 2023

Media Contact

Company Name: Market Research Engine

Contact Person: John Bay

Email:[emailprotected]

Phone: +1-855-984-1862

Country: United States

Website: https://www.marketresearchengine.com/

Excerpt from:
DDoS Protection Market 2020 | In-Depth Study On The Current State Of The Industry And Key Insights Of The Business Scenario By 2027 - Cole of Duty

Streaming marathons, gaming sessions, hours of work-from-home and study-from-home routines, and umpteen video-calls the goal is to stay connected with the outside world. As usage skyrockets, however, we grow more conscious of the networks upon which we rely not just whether or not the bandwidth is able to handle the increased traffic in our households, but more so the security.

It is a legitimate worry, after all, given the increased traffic has been easy bait for hackers to plant malware, launch phishing attacks and engage in other nefarious activities.

One of the simplest solutions to abate these worries is to use a trustworthy VPN or virtual private network. VPNs create a safe and encrypted connection over a less secure network, ie the Internet.

In fact, since the lockdowns kicked in across the country, bandwidth throttling has been on the rise; some Internet Service Providers slow down users traffic when they do not have adequate resources to meet the spike in demand. We also often do not notice when website URLs lack an https extension which uses Transport Layer Security protocol to encrypt data travelling between users and a website.

A simple Google search reveals some of the most reliable and popular VPNs have been NordVPN, ExpressVPN and SurfShark but buying a VPN is not as simple as popping into the hardware for an accessory; the process requires a little more technical surety.

First, different VPNs have various functions often prioritising one need over others, so take a stock of what you mostly do online: what takes up the most bandwidth in your home? For example, if you are doing a lot of transaction-based work with a lot of sensitive data (such as banking details or stock trading), your priority will be a VPN with a tough-to-crack security framework; if you are streaming and gaming a lot, you will lean towards a high-speed VPN.

When you find matches of VPNs to your primary needs, it helps to gauge the respective traits. If you like streaming outside your geographical location, some sites have VPN blocks, so be mindful of the fine print for the service that catches your eye.

Ideally, a VPN should be compatible with your devices, be it your laptop, tablet, smartphone, streaming sticks, or router. Also check the maximum device compatibility for your chosen VPN, given WFH environments entail multiple simultaneous connections. For those who are not-so technologically savvy but want the power of a VPN, pick one with a simple UX. Most VPNs are created to be as easy-to-use so as to appeal to as many users as possible. Also check out customer service reviews for your favoured VPNs; if something glitches, they would be your point-of-contact rather than your Internet Service Provider.

One would think payment plans would be at the top of this guide, but now with the increased demands for VPNs, providers have opened up payment plans for those who are on a tight budget during the pandemic. Plus, a money-back guarantee does not hurt either.

However, do not think that a VPN replaces a security system. You will still need a reliable anti-virus network that works well alongside the VPN, and regular vigilant behaviours of the user are still a priority. Happy browsing, everyone!

You have reached your limit for free articles this month.

To get full access, please subscribe.

Already have an account ? Sign in

Show Less Plan

Find mobile-friendly version of articles from the day's newspaper in one easy-to-read list.

Move smoothly between articles as our pages load instantly.

Enjoy reading as many articles as you wish without any limitations.

A one-stop-shop for seeing the latest updates, and managing your preferences.

A select list of articles that match your interests and tastes.

We brief you on the latest and most important developments, three times a day.

*Our Digital Subscription plans do not currently include the e-paper ,crossword, iPhone, iPad mobile applications and print. Our plans enhance your reading experience.

View post:
VPNs are the need-of-the-hour for safe and fast connections as we work-from-home - The Hindu

Security vulnerabilities in your home router have been the story for years, with the responsibility being placed at the feet of users to keep their router firmware updated. But a damning report by Fraunhofer says that router manufacturers themselves have taken years to issue patches, with potentially dozens of critical vulnerabilities lurking within older routers.

The June report by Fraunhofer-Institut fur Kommunikation (FKIE) extracted firmware images from routers made by Asus, AVM, D-Link, Linksys, Netgear, TP-Link, and Zyxel127 in all. The report (as noted by ZDNet) compared the firmware images to known vulnerabilities and exploit mitigation techniques, so that even if a vulnerability was exposed, the design of the router could mitigate it.

No matter how you slice it, Fraunhofers study pointed out basic lapses in security across several aspects. At the most basic level, 46 routers didnt receive any updatesat all in the last year. Many used outdated Linux kernels with their own, known vulnerabilities. Fifty routers used hard-coded credentials, where a known username and password was encoded into the router as a default credential that asked the user to change itbut would still be there, accessible, if they did not.

FKIE could not find a single router without flaws. Nor could the institute name a single router vendor that avoided the security issues.

AVM does [a] better job than the other vendors regarding most aspects, the report concluded. Asus and Netgear do a better job in some aspects than D-Link, Linksys, TP-Link, and Zyxel. We contactedBelkin (Linksys) and D-Link, two vendors named in the report, for comment, but didnt hear back by press time.

In conclusion the update policy of router vendors is far behind the standards as we know it from desktop or server operating systems, FKIE said elsewhere in the report. However, routers are exposed to the internet 24 hours a day leading to an even higher risk of malware infection.

Fraunhofer broke down how router vendors have fallen short into several categories.

Days since the last firmware release:Although 81 routers were updated in the last 365 days before the FKIE gathered its results (March 27, 2019 to Match 27, 2020) the average number of days to the prior update, across all devices, was 378. FKIE said 27 of the devices had not been updated within two years, with the absolute worst stretching to 1,969 daysmore then five years.

Asus, AVM, and Netgear issued updates for all of their devices within a year and a half, at least. By comparison, most antivirus programs issue updates at least daily.

Age of the OS: Most routers run Linux, an open-source software model that offers researchers the ability to examine the basic Linux kernel code and apply patches. When the kernel itself is outdated, however, fundamental known vulnerabilities in the OS are ripe for exploitation. FKIE used the open-source Firmware Analysis and Comparison Tool (FACT) to extract the router firmware, finding that a third of the routers ran on top of the 2.6.36 Linux kernel, an older version. Thelast security update for kernel version 2.6.36 was provided nine years ago, the study found.

Critical vulnerabilities in the tested routers abounded. Theaverage number of critical vulnerabilities found for each router was 53, with even the best routers subject to 21 critical vulnerabilities (there were a whopping 348 high-rated vulnerabilities, too).

Exploit mitigation: Routers can be built to protect their kernel using a variety of exploit mitigation techniques, including the non-executable bit (NX) to mark a region of memory as non-executable. This was a common way of protecting the router, but FKIE found that the usage of exploit mitigation techniques was rare.

Private keys: We want to make it absolutely clear that there is no good reason to publish a private key, because a published private key does not provide any security at all! FKIE wrote. Publishing the private cryptographic key in the firmware allows an attacker to impersonate the device itself and do man in the middle attacks, an exploit that tries to fool the users PC and the server into believing that the attacker is the trusted router.

FKIE found that at least five private keys are published per firmware image. The Netgear R6800 provides a total number of 13 private keys in a single device. AVM was the only vendor FKIE found that did not publish private keys.

Hard-coded login credentials: You may already be familiar with hard-coded credentials: a router that uses admin and password as its default credentials. While that makes it easy to recover a lost password, it also makes it extremely easy for an attacker to take over your router. Furthermore, if the user cannot change a password, you might get a feeling that the password is related to a backdoor, FKIE wrote, implying that hard-coding credentials could have been added to allow monitoring of your device.

The good news is that more than 60% of the router firmware images do not have hard-coded login credentials, FKIE wrote. The bad news is that 50 routers do provide hard-coded credentials. Sixteen routers have well known or easy crackable credentials.

FKIEs report doesnt suggest choosing an open-source firmware replacement for your router, although that option is certainly available. Unfortunately, some of the firmware options are no longer maintained, or only work on a subset of (older) routers. Its disappointing that the easiest route for criminals to penetrate your home network appears to benot your PC, or your operating systembut the router youre using to connect to the rest of the world.

This story, "Revealed: How home router manufacturers dropped the ball on security" was originally published by PCWorld.

More:
Revealed: How home router manufacturers dropped the ball on security - TechHive

New Jersey, United States,- Market Research Intellect sheds light on the market scope, potential, and performance perspective of the Global Malaysia Internet of Things (IoT) Security Market by carrying out an extensive market analysis. Pivotal market aspects like market trends, the shift in customer preferences, fluctuating consumption, cost volatility, the product range available in the market, growth rate, drivers and constraints, financial standing, and challenges existing in the market are comprehensively evaluated to deduce their impact on the growth of the market in the coming years. The report also gives an industry-wide competitive analysis, highlighting the different market segments, individual market share of leading players, and the contemporary market scenario and the most vital elements to study while assessing the global Malaysia Internet of Things (IoT) Security market.

The research study includes the latest updates about the COVID-19 impact on the Malaysia Internet of Things (IoT) Security sector. The outbreak has broadly influenced the global economic landscape. The report contains a complete breakdown of the current situation in the ever-evolving business sector and estimates the aftereffects of the outbreak on the overall economy.

Leading Malaysia Internet of Things (IoT) Security manufacturers/companies operating at both regional and global levels:

To get Incredible Discounts on this Premium Report, Click Here @ https://www.marketresearchintellect.com/ask-for-discount/?rid=391476&utm_source=3WN&utm_medium=888

The Malaysia Internet of Things (IoT) Security market report provides successfully marked contemplated policy changes, favorable circumstances, industry news, developments, and trends. This information can help readers fortify their market position. It packs various parts of information gathered from secondary sources, including press releases, web, magazines, and journals as numbers, tables, pie-charts, and graphs. The information is verified and validated through primary interviews and questionnaires. The data on growth and trends focuses on new technologies, market capacities, raw materials, CAPEX cycle, and the dynamic structure of the Malaysia Internet of Things (IoT) Security market.

This study analyzes the growth of Malaysia Internet of Things (IoT) Security based on the present, past and futuristic data and will render complete information about the Malaysia Internet of Things (IoT) Security industry to the market-leading industry players that will guide the direction of the Malaysia Internet of Things (IoT) Security market through the forecast period. All of these players are analyzed in detail so as to get details concerning their recent announcements and partnerships, product/services, and investment strategies, among others.

Sales Forecast:

The report contains historical revenue and volume that backing information about the market capacity, and it helps to evaluate conjecture numbers for key areas in the Malaysia Internet of Things (IoT) Security market. Additionally, it includes a share of each segment of the Malaysia Internet of Things (IoT) Security market, giving methodical information about types and applications of the market.

Reasons for Buying Malaysia Internet of Things (IoT) Security Market Report

This report gives a forward-looking prospect of various factors driving or restraining market growth.

It renders an in-depth analysis for changing competitive dynamics.

It presents a detailed analysis of changing competition dynamics and puts you ahead of competitors.

It gives a six-year forecast evaluated on the basis of how the market is predicted to grow.

It assists in making informed business decisions by performing a pin-point analysis of market segments and by having complete insights of the Malaysia Internet of Things (IoT) Security market.

This report helps the readers understand key product segments and their future.

Have Any Query? Ask Our Expert @ https://www.marketresearchintellect.com/need-customization/?rid=391476&utm_source=3WN&utm_medium=888

In the end, the Malaysia Internet of Things (IoT) Security market is analyzed for revenue, sales, price, and gross margin. These points are examined for companies, types, applications, and regions.

To summarize, the global Malaysia Internet of Things (IoT) Security market report studies the contemporary market to forecast the growth prospects, challenges, opportunities, risks, threats, and the trends observed in the market that can either propel or curtail the growth rate of the industry. The market factors impacting the global sector also include provincial trade policies, international trade disputes, entry barriers, and other regulatory restrictions.

About Us:

Market Research Intellect provides syndicated and customized research reports to clients from various industries and organizations with the aim of delivering functional expertise. We provide reports for all industries including Energy, Technology, Manufacturing and Construction, Chemicals and Materials, Food and Beverage, and more. These reports deliver an in-depth study of the market with industry analysis, the market value for regions and countries, and trends that are pertinent to the industry.

Contact Us:

Mr. Steven Fernandes

Market Research Intellect

New Jersey ( USA )

Tel: +1-650-781-4080

Our Trending Reports

Surgical Imaging Systems Market Size, Growth Analysis, Opportunities, Business Outlook and Forecast to 2026

Surgical Needle Holders Market Size, Growth Analysis, Opportunities, Business Outlook and Forecast to 2026

Surgical/Operating Microscopes Market Size, Growth Analysis, Opportunities, Business Outlook and Forecast to 2026

Suspension Air Bags Market Size, Growth Analysis, Opportunities, Business Outlook and Forecast to 2026

Swager Market Size, Growth Analysis, Opportunities, Business Outlook and Forecast to 2026

Go here to see the original:
Malaysia Internet of Things (IoT) Security Market Growth By Manufacturers, Type And Application, Forecast To 2026 - 3rd Watch News

When Troy Hunt launched Have I Been Pwned in late 2013, he wanted it to answer a simple question: Have you fallen victim to a data breach?

Seven years later, the data-breach notification service processes thousands of requests each day from users who check to see if their data was compromised or pwned, with a hard p by the hundreds of data breaches in its database, including some of the largest breaches in history. As it has grown, now sitting just below the 10 billion breached-records mark, the answer to Hunts original question is more clear.

Empirically, its very likely, Hunt told me from his home on Australias Gold Coast. For those of us that have been on the internet for a while its almost a certainty.

What started out as Hunts pet project to learn the basics of Microsofts cloud, Have I Been Pwned quickly exploded in popularity, driven in part by its simplicity to use, but largely by individuals curiosity.

As the service grew, Have I Been Pwned took on a more proactive security role by allowing browsers and password managers to bake in a backchannel to Have I Been Pwned to warn against using previously breached passwords in its database. It was a move that also served as a critical revenue stream to keep down the sites running costs.

But Have I Been Pwneds success should be attributed almost entirely to Hunt, both as its founder and its only employee, a one-man band running an unconventional startup, which, despite its size and limited resources, turns a profit.

As the workload needed to support Have I Been Pwned ballooned, Hunt said the strain of running the service without outside help began to take its toll. There was an escape plan: Hunt put the site up for sale. But, after a tumultuous year, he is back where he started.

Ahead of its next big 10-billion milestone mark, Have I Been Pwned shows no signs of slowing down.

Even long before Have I Been Pwned, Hunt was no stranger to data breaches.

By 2011, he had cultivated a reputation for collecting and dissecting small for the time data breaches and blogging about his findings. His detailed and methodical analyses showed time and again that internet users were using the same passwords from one site to another. So when one site was breached, hackers already had the same password to a users other online accounts.

Then came the Adobe breach, the mother of all breaches, as Hunt described it at the time: More than 150 million user accounts had been stolen and were floating around the web.

Hunt obtained a copy of the data and, with a handful of other breaches he had already collected, loaded them into a database searchable by a persons email address, which Hunt saw as the most common denominator across all the sets of breached data.

And Have I Been Pwned was born.

It didnt take long for its database to swell. Breached data from Sony, Snapchat and Yahoo soon followed, racking up millions more records in its database. Have I Been Pwned soon became the go-to site to check if you had been breached. Morning news shows would blast out its web address, resulting in a huge spike in users enough at times to briefly knock the site offline. Hunt has since added some of the biggest breaches in the internets history: Myspace, Zynga, Adult Friend Finder and several huge spam lists.

As Have I Been Pwned grew in size and recognition, Hunt remained its sole proprietor, responsible for everything from organizing and loading the data into the database to deciding how the site should operate, including its ethics.

Hunt takes a what do I think makes sense approach to handling other peoples breached personal data. With nothing to compare Have I Been Pwned to, Hunt had to write the rules for how he handles and processes so much breach data, much of it highly sensitive. He does not claim to have all the answers, but relies on transparency to explain his rationale, detailing his decisions in lengthy blog posts.

His decision to only let users search for their email address makes logical sense, driven by the sites only mission, at the time, to tell a user if they had been breached. But it was also a decision centered around user privacy that helped to future-proof the service against some of the most sensitive and damaging data he would go on to receive.

In 2015, Hunt obtained the Ashley Madison breach. Millions of people had accounts on the site, which encourages users to have an affair. The breach made headlines, first for the breach, and again when several users died by suicide in its wake.

The hack of Ashley Madison was one of the most sensitive entered into Have I Been Pwned, and ultimately changed how Hunt approached data breaches that involved peoples sexual preferences and other personal data. (AP Photo/Lee Jin-man, File)

Hunt diverged from his usual approach, acutely aware of its sensitivities. The breach was undeniably different. He recounted a story of one person who told him how their local church posted a list of the names of everyone in the town who was in the data breach.

Its clearly casting a moral judgment, he said, referring to the breach. I dont want Have I Been Pwned to enable that.

Unlike earlier, less-sensitive breaches, Hunt decided that he would not allow anyone to search for the data. Instead, he purpose-built a new feature allowing users who had verified their email addresses to see if they were in more sensitive breaches.

The purposes for people being in that data breach were so much more nuanced than what anyone ever thought, Hunt said. One user told him he was in there after a painful break-up and had since remarried but was labeled later as an adulterer. Another said she created an account to catch her husband, suspected of cheating, in the act.

There is a point at which being publicly searchable poses an unreasonable risk to people, and I make a judgment call on that, he explained.

The Ashely Madison breach reinforced his view on keeping as little data as possible. Hunt frequently fields emails from data breach victims asking for their data, but he declines every time.

It really would not have served my purpose to load all of the personal data into Have I Been Pwned and let people look up their phone numbers, their sexualities, or whatever was exposed in various data breaches, said Hunt.

If Have I Been Pwned gets pwned, its just email addresses, he said. I dont want that to happen, but its a very different situation if, say, there were passwords.

But those remaining passwords havent gone to waste. Hunt also lets users search more than half a billion standalone passwords, allowing users to search to see if any of their passwords have also landed in Have I Been Pwned.

Anyone even tech companies can access that trove of Pwned Passwords, he calls it. Browser makers and password managers, like Mozilla and 1Password, have baked-in access to Pwned Passwords to help prevent users from using a previously breached and vulnerable password. Western governments, including the U.K. and Australia, also rely on Have I Been Pwned to monitor for breached government credentials, which Hunt also offers for free.

Its enormously validating, he said. Governments, for the most part, are trying to do things to keep countries and individuals safe working under extreme duress and they dont get paid much, he said.

There have been similar services that have popped up. Theyve been for-profit and theyve been indicted.Troy Hunt

Hunt recognizes that Have I Been Pwned, as much as openness and transparency is core to its operation, lives in an online purgatory under which any other circumstances especially in a commercial enterprise he would be drowning in regulatory hurdles and red tape. And while the companies whose data Hunt loads into his database would probably prefer otherwise, Hunt told me he has never received a legal threat for running the service.

Id like to think that Have I Been Pwned is at the far-legitimate side of things, he said.

Others who have tried to replicate the success of Have I Been Pwned havent been as lucky.

There have been similar services that have popped up, said Hunt. Theyve been for-profit and theyve been indicted, he said.

LeakedSource was, for a time, one of the largest sellers of breach data on the web. I know, because my reporting broke some of their biggest gets: music streaming service Last.fm, adult dating site AdultFriendFinder and Russian internet giant Rambler.ru to name a few. But what caught the attention of federal authorities was that LeakedSource, whose operator later pleaded guilty to charges related to trafficking identity theft information, indiscriminately sold access to anyone elses breach data.

There is a very legitimate case to be made for a service to give people access to their data at a price.

Hunt said he would sleep perfectly fine charging users a fee to access their data. I just wouldnt want to be accountable for it if it goes wrong, he said.

Five years into Have I Been Pwned, Hunt could feel the burnout coming.

I could see a point where I would be if I didnt change something, he told me. It really felt like for the sustainability of the project, something had to change.

He said he went from spending a fraction of his time on the project to well over half. Aside from juggling the day-to-day collecting, organizing, deduplicating and uploading vast troves of breached data Hunt was responsible for the entirety of the sites back-office upkeep its billing and taxes on top of his own.

The plan to sell Have I Been Pwned was code-named Project Svalbard, named after the Norwegian seed vault that Hunt likened Have I Been Pwned to, a massive stockpile of something valuable for the betterment of humanity, he wrote announcing the sale in June 2019. It would be no easy task.

Hunt said the sale was to secure the future of the service. It was also a decision that would have to secure his own. Theyre not buying Have I Been Pwned, theyre buying me, said Hunt. Without me, theres just no deal. In his blog post, Hunt spoke of his wish to build out the service and reach a larger audience. But, he told me, it was not about the money.

As its sole custodian, Hunt said that as long as someone kept paying the bills, Have I Been Pwned would live on. But there was no survivorship model to it, he admitted. Im just one person doing this.

By selling Have I Been Pwned, the goal was a more sustainable model that took the pressure off him, and, he joked, the site wouldnt collapse if he got eaten by a shark, an occupational hazard for living in Australia.

But chief above all, the buyer had to be the perfect fit.

Hunt met with dozens of potential buyers, and many in Silicon Valley. He knew what the buyer would look like, but he didnt yet have a name. Hunt wanted to ensure that whomever bought Have I Been Pwned upheld its reputation.

Imagine a company that had no respect for personal data and was just going to abuse the crap out of it, he said. What does that do for me? Some potential buyers were driven by profits. Hunt said any profits were ancillary. Buyers were only interested in a deal that would tie Hunt to their brand for years, buying the exclusivity to his own recognition and future work thats where the value in Have I Been Pwned is.

Hunt was looking for a buyer with whom he knew Have I Been Pwned would be safe if he were no longer involved. It was always about a multiyear plan to try and transfer the confidence and trust people have in me to some other organizations, he said.

Hunt testifies to the House Energy Subcommittee on Capitol Hill in Washington, Thursday, Nov. 30, 2017. (AP Photo/Carolyn Kaster)

The vetting process and due diligence was insane, said Hunt. Things just drew out and drew out, he said. The process went on for months. Hunt spoke candidly about the stress of the year. I separated from my wife early last year around about the same time as the [sale process], he said. They later divorced. You can imagine going through this at the same time as the separation, he said. It was enormously stressful.

Then, almost a year later, Hunt announced the sale was off. Barred from discussing specifics thanks to non-disclosure agreements, Hunt wrote in a blog post that the buyer, whom he was set on signing with, made an unexpected change to their business model that made the deal infeasible.

It came as a surprise to everyone when it didnt go through, he told me. It was the end of the road.

Looking back, Hunt maintains it was the right thing to walk away. But the process left him back at square one without a buyer and personally down hundreds of thousands in legal fees.

After a bruising year for his future and his personal life, Hunt took time to recoup, clambering for a normal schedule after an exhausting year. Then the coronavirus hit. Australia fared lightly in the pandemic by international standards, lifting its lockdown after a brief quarantine.

Hunt said he will keep running Have I Been Pwned. It wasnt the outcome he wanted or expected, but Hunt said he has no immediate plans for another sale. For now its business as usual, he said.

In June alone, Hunt loaded over 102 million records into Have I Been Pwneds database. Relatively speaking, it was a quiet month.

Weve lost control of our data as individuals, he said. But not even Hunt is immune. At close to 10 billion records, Hunt has been pwned more than 20 times, he said.

Earlier this year Hunt loaded a massive trove of email addresses from a marketing database, dubbed Lead Hunter. He fed some 68 million records into Have I Been Pwned. Hunt said someone had scraped a ton of publicly available web domain record data and repurposed it as a massive spam database. But someone left that spam database on a public server, without a password, for anyone to find. Someone did, and passed the data to Hunt. Like any other breach, he took the data, loaded it in Have I Been Pwned and sent out email notifications to the millions who have subscribed.

Job done, he said. And then I got an email from Have I Been Pwned saying Id been pwned.

He laughed. It still surprises me the places that I turn up.

Related stories:

Originally posted here:
How Have I Been Pwned became the keeper of the internets biggest data breaches - TechCrunch