Have I Been Pwned, the data breach repository run by Australia’s Troy Hunt, is working with KPMG to try and find an organisation to acquire it.
Hunt revealed the acquisition plans - which have been codenamed Project Svalbard - in a blog post on Tuesday afternoon.
It was time for HIBP to “grow up”, Hunt said.
“It’s time to go from that one guy doing what he can in his available time to a better-resourced and better-funded structure that's able to do way more than what I ever could on my own,” he said.
Hunt said he was concerned about burnout, given the increasing scale and incidence of data breaches.
He also believed HIBP could do more in the space, including widening its capture of breaches.
“There's a whole heap of organisations out there that don't know they've been breached simply because I haven't had the bandwidth to deal with it all,” Hunt said.
Hunt said he had “put out the feelers” on acquisition plans first before formalising them with the help of KPMG in April.
He indicated there is already “a solid selection” of potential suitors but that there also needed to be “some very serious discussions ... had” around fit and whether the buyer is “the right place for such a valuable service to go.”
Hunt said he was entering acquisition discussions with some principles in mind.
He wanted consumer searches of whether email addresses had been caught up in data breaches to remain free.
“The service became this successful because I made sure there were no barriers in the way for people searching their data and I absolutely, positively want that to remain the status quo,” he said.
Hunt also said he intended to be “part of the acquisition - that is some company gets me along with the project.”
Hunt hoped to enable HIBP to reach an even larger audience and for it to play “a much bigger role in changing the behaviour of how people manage their online accounts.”