Behind the Scenes at 'Have I Been Pwned' (abc.net.au)
He's not required to give organisations this opportunity, much less persist when they ignore his messages or accuse him of trying to shake them down for money. But there's evidence that this approach is working. Despite the legal grey area he has operated in for a decade now, he's avoided being sued by any of the organisations responsible for the 705 breaches that are now searchable on Have I Been Pwned. These days, major tech companies like Mozilla and 1Password use Have I Been Pwned, and Troy likes to point out that dozens of national governments and law enforcement agencies also partner with his service...
"He's not a company that's audited. He's just a dude on the web," says Jane Andrew, an expert on data breaches at the University of Sydney. "I think it's so shocking that this is where we find out information about ourselves." She says governments and law enforcement have, in general, left it to individuals to deal with the fallout from data breaches... Without an effective global regulator, Professor Andrew says, a crucial part of the world's cybersecurity infrastructure is left to rely on the goodwill of this one man on the Gold Coast.
Thanks to long-time Slashdot reader slincolne for sharing the article.