Have I Been Pwned Likely to Ban Resellers Subscriptions

Have I Been Pwned (HIBP), a popular data breach notification service, has expressed a strong inclination to ban resellers from obtaining platform memberships. Troy Hunt made this decision after thoroughly examining the excessive support burden these resellers impose on the service. HIBP is a collectivel that allows users to check whether their personal information, such […] The post Have I Been Pwned Likely to Ban Resellers Subscriptions appeared first on Cyber Security News.

Feb 13, 2025 - 10:37

Have I Been Pwned Likely to Ban Resellers Subscriptions

Have I Been Pwned (HIBP), a popular data breach notification service, has expressed a strong inclination to ban resellers from obtaining platform memberships.

Troy Hunt made this decision after thoroughly examining the excessive support burden these resellers impose on the service.

HIBP is a collectivel that allows users to check whether their personal information, such as email addresses or phone numbers, has been exposed in data breaches.

The platform aggregates data from over 866 breaches and thousands of paste sites, enabling individuals and organizations to take corrective actions like resetting passwords and enabling multi-factor authentication.

HIBP also offers an API for bulk queries, available through paid subscriptions ranging from $39.50 to $1,370 annually.

I'm seriously considering just an outright ban on resellers buying @haveibeenpwned subscriptions for customers. It's just constant dramas, support overhead, obnoxious responses and confusion. What are customers actually getting from resellers, other than *massive* price markups?— Troy Hunt (@troyhunt) February 6, 2025

Resellers often purchase HIBP subscriptions and offer them to end-users at significantly marked-up prices. While this practice is not inherently unethical, it has led to several complications.

Resellers often charge customers excessive rates for services they could access directly from HIBP at a lower cost.

See who can guess how much a reseller marks up the price. Keep in mind these companies are just selling the service and taking a cut, they’re not MSPs, they’re not adding any other value, they’re just reselling our API keys and domain searches to companies that already wanted it.— Troy Hunt (@troyhunt) February 7, 2025

Further, resellers frequently pass on customer support responsibilities to HIBP, creating an additional burden for the platform’s team.

Many users remain unaware of what they are paying for when purchasing through resellers, leading to dissatisfaction and misunderstandings.

Troy Hunt, the creator of Have I Been Pwned expressed his frustration on social media, stating, “What are customers actually getting from resellers, other than massive price markups?.”

They’re not resellers, they’re consumers of the service. Companies purchase our service through resellers who on-sell exactly the same thing but for more money and with shittier service.— Troy Hunt (@troyhunt) February 7, 2025

Hunt also shared stats that: “0.86% of our customers who come through them are consuming the same amount of support time as the entire remaining 99.14%.”

This imbalance underscores the inefficiency and resource drain caused by reseller practices.

A ban on resellers would represent a decisive step towards ensuring greater transparency and fairness in how HIBP subscriptions are distributed. By eliminating intermediaries, HIBP could:

Reduce Customer Costs: Direct subscriptions would eliminate reseller markups, making the service more affordable.
Streamline Support: Customers would interact directly with HIBP’s support team, reducing miscommunication and delays.
Enhance Security: Direct access to HIBP ensures that customers’ data is handled in compliance with the platform’s security standards.

PCI DSS 4.0 & Supply Chain Attack Prevention – Free Webinar

The post Have I Been Pwned Likely to Ban Resellers Subscriptions appeared first on Cyber Security News.