Rocket Lab launch fails during rocket’s second stage burn, causing a loss of vehicle and payloads

Rocket Lab’s ‘Pics or It Didn’t Happen’ launch on Saturday ended in failure, with a total loss of the Electron launch vehicle and all seven payloads on board. The launch vehicle experienced a failure during the second stage burn post-launch, after a lift-off from the Rocket Lab Launch Complex 1 on Mahia Peninsula in New Zealand.

The mission appeared to be progressing as intended, but the launch vehicle appeared to experience unexpected stress during the ‘Max Q’ phase of launch, or the period during which the Electron rocket experiences the most significant atmospheric pressure prior to entering space.

The launch video cut off around six minutes after liftoff during the live stream, and the rocket was subsequently shown to be falling from its current altitude before the web stream was cut short. Rocket Lab then revealed via Twitter that the Electron vehicle was lost during the second stage burn, and committed to sharing more information when it becomes available.

This is an unexpected development for Rocket Lab, which has flown 11 uneventful consecutive Electron missions since the beginning of its program.

Rocket Lab CEO and founder Peter Beck posted an apology to Twitter, noting that all satellites were lost, and that he’s “incredibly sorry” to all customers who suffered loss of payload today. That includes Canon, which was flying a new Earth imaging satellite with demonstration imaging tech on board, as well as Planet, which had five satellites for its newest and most advanced Earth imaging constellation on the vehicle.

We’ll update with more info about the cause and next steps from Rocket Lab when available.


Source: Tech Crunch

How to watch Rocket Lab launch satellites for Canon, Planet and more live

Rocket Lab is launching a rideshare mission today which includes seven small satellites from a number of different companies, including primary payload provider Canon, which is flying a satellite equipped with the camera-maker’s Earth imaging technology, including high-res photo capture equipment. The Electron rocket that Rocket Lab is flying today will also carry five Planet SuperDove Earth-Observation satellites, as well as a CubeSat from In-Space missions.

The launch, which is named ‘Pics or It Didn’t Happen’, is set to take place during a window which opens at 5:19 PM EDT (2:19 PM PDT) and extends until 6:03 PM EDT (3:03 PM PDT), lifting off from Rocket Lab’s Launch Complex 1 on the Mahia Peninsula in New Zealand. To check it out live, tune in directly via Rocket Lab’s website here – the live stream should begin around 15 minutes prior to the opening of the launch window.

This is Rocket Lab’s third flight this year, and while the company is still in the process of developing and testing its rocket booster recovery program, this mission won’t include any booster recovery attempt. This is the company’s 13th Electron flight, and the next planned test in that system’s development is set for flight 17.


Source: Tech Crunch

Startups Weekly: Tech unicorns look to IPOs as Lemonade, Accolade boom

Hundreds of tech-oriented startups worth a billion or more dollars had envisioned successful public offerings before the pandemic hit. But new tech listings slowed to nearly nothing this spring as companies have tried to adjust to the profound changes sweeping the world.

Today, more and more companies are back to their previous plans, with Lemonade and Accolade finding an enthusiastic public this week, following Agora’s pop last Friday, as Alex Wilhelm has been covering.

The first big tech IPO this week was in online insurance, the second in health, and despite both being in promising markets, the valuations are quite a bit higher than their business realities to date. Here’s more, from his analysis on Extra Crunch:

Lemonade is being valued at more than 15x the value of its annualized Q1 revenue despite not sporting the gross margins you might expect investors to demand for it to merit that SaaS valuation. And Accolade only expects to grow by about 20% in Q2 2020 compared to its year-ago results while probably losing more money.

But who cares? The IPO market is standing there with open arms today (there’s always another IPO cliché lurking).

The read of this is impossibly simple: However open we thought that the IPO market was before, it is even more welcoming. For companies on the sidelines, like Palantir, Airbnb, DoorDash and Asana, you have to wonder what they are waiting for. Sure, you can raise more private capital like Palantir and DoorDash have, but so what; if you want to defend your valuation, isn’t this the market that was hoped for?

He also takes a look at a few more companies getting ready to file, including banking software company nCino and GoHealth, an insurance portal that was bought by a private equity firm last year, as well as gaming company DoubleDown Interactive. The general trend seems to be that initial stock pricing has stayed more conservative than how public markets are feeling.

Startup survey shows remote is new normal already

“Early-stage startups are confident of re-opening their offices in the wake of the COVID-19 within the next six months,” writes Mike Butcher for TechCrunch this week. “But there will be changes.” Here’s more from our UK-based editor-at-large:

An exclusive survey compiled by Founders Forum, with TechCrunch, found 63% of those surveyed said they would only re-open in either 1-3 months or 3-6 months — even if the government advises [sic] that it is safe to do so before then. A minority have re-opened their offices, while 10% have closed their office permanently. The full survey results can be found here.

However, there will clearly be long-term impact on the model of office working, with a majority of those surveyed saying they would now move to either a flexible remote working model (some with permanent offices, some without), but only a small number plan a “normal” return to work. A very small number plan to go fully “remote.” Many cited the continuing benefits of face-to-face interaction when trying to build the team culture so crucial with early-stage companies.

Title insurance is getting the tech competition it deserves

A lot of people are thinking harder about homeownership as they wait out quarantines — but real estate is still an old-fashioned industry, layered with complexities and surprising costs that can keep a dream purchase out of reach. Title insurance is a great example. A one-time cost to protect buyers and sellers during the closing process, it can extend the purchase process by a month or two, in addition to potentially adding thousands of dollars in costs. But various new regulations and rulings have combined with the larger trends in SaaS to open up the market. Here’s more, in a detailed guest post for Extra Crunch from Ashley Paston of Bain Capital Ventures:

In a very short period of time, we’ve seen startups take advantage of this new, more competitive landscape by offering solutions to streamline the task of getting title insurance. Qualia, for example, offers an end-to-end platform that connects all parties involved in a real estate transaction, so title agents can manage and coordinate all aspects of the process in real time. San Francisco-based States Title, for example, uses a predictive underwriting engine that produces nearly instantaneous title assessment, dramatically reducing the cost and time required to issue a policy. Qualia and States Title are among several companies hoping to revolutionize title insurance and they reflect the two emerging meta-trends.

The first trend, enablement, consists of companies developing technology designed to integrate with incumbent real estate businesses… The second trend, disruption, consists of companies displacing incumbent real estate business altogether.


Tech diversity stays in focus

The tech industry has talked about making its opportunities available to all for many years, and struggled to deliver. But more than a month after George Floyd was killed, this time is still feeling different. One example is 👁👄👁.fm, a viral sort of insidery prank from last weekend that a diverse small group of friends in tech created and turned into a successful grassroots fundraiser for racial justice organizations (it was not a VC fundraising stunt). “In one fell swoop,” veteran product leader Ravi Mehta wrote for TechCrunch, “the team chastised Silicon Valley’s use of exclusivity as a marketing tactic, trolled thirsty VCs for their desire to always be first on the next big thing, deftly leveraged the virality of Twitter to build awareness and channeled that awareness into dollars that will have a real impact on groups too often overlooked.”

Meanwhile, a group of Black startup founders and the Transparent Collective created a public spreadsheet to provide a comprehensive list of every VC who has backed a Black founder in the US, and the umbrella Black Innovation Alliance launched to help hundreds of related Black-focused tech and entrepreneurship organizations connect and support each other. Efforts like these, combined with a real generational willingness to address the structural problems, are what can make the difference finally.

Why AR has mostly failed (so far)

Augmented reality concepts may become a core part of how people live in the future, but the first wave of companies in the space have not fared well. Here’s why, from Lucas Matney on Extra Crunch:

The technology was almost there in a lot of cases, but the real issue was that the stakes to beat the major players to market were so high that many entrants pushed out boring, general consumer products. In a race to be everything for everybody, the industry relied on nascent developer platforms to do the dirty work of building their early use cases, which contributed heavily to nonexistent user adoption.

Instead, he says success will come from nailing the use-cases first, and not messing around with complex developer platforms and expensive hardware.

Around TechCrunch

Hear Charles Hudson explain how to sell an idea (without a product) at Early Stage

Get your pitchdeck critiqued by Accel’s Amy Saper and Bessemer’s Talia Goldberg at Early Stage

Pioneering CRISPR researcher Jennifer Doudna is coming to Disrupt

One week only: Score 4th of July discounts on Disrupt 2020 passes

Sale: Save 25% on annual Extra Crunch membership

Extra Crunch is now available in Greece, Ireland and Portugal

Extra Crunch expands into Romania

Across the week

TechCrunch

Global app revenue jumps to $50B in the first half of 2020, in part due to COVID-19 impacts

Let’s stop COVID-19 from undoing diversity gains

Strap in — a virtual Tour de France is coming this weekend

US suspends export of sensitive tech to Hong Kong as China passes new national security law

India bans TikTok, dozens of other Chinese apps

Extra Crunch

Top LA investors discuss the city’s post-COVID-19 prospects

13 Boston-focused venture capitalists talk green shoots and startup recovery

How $20 billion health care behemoth Blue Shield of California sees startups

From napkin notes to term sheets: A chat with Inspired Capital’s Alexa von Tobel

Where to open a game studio

Are virtual concerts here to stay?

#EquityPod

From Alex:

Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast, where we unpack the numbers behind the headlines.

Before we dive in, don’t forget that the show is on Twitter now, so follow us there if you want to see discarded headline ideas, outtakes from the show that got cut, and more. It’s fun!

Back to task, listen, we’re tired too. But we didn’t let that stop us from packing this week’s Equity to the very gills with news and notes and jokes and fun. Hopefully you can chuckle along with myself and Natasha and Danny and Chris on the dials as we riffed through all of this:

Right, that’s our ep. Hugs from the team and have a lovely weekend. You are all tremendous and we appreciate you spending part of your day with the four of us.

Equity drops every Monday at 7:00 AM PT and Friday at 6:00 AM PT, so subscribe to us on Apple Podcasts, Overcast, Spotify and all the casts.


Source: Tech Crunch

This Week in Apps: India bans Chinese apps, Apple freezes game updates in China, iOS developer backlash continues

Welcome back to This Week in Apps, the Extra Crunch series that recaps the latest OS news, the applications they support and the money that flows through it all.

The app industry is as hot as ever, with a record 204 billion downloads and $120 billion in consumer spending in 2019. People are now spending three hours and 40 minutes per day using apps, rivaling TV. Apps aren’t just a way to pass idle hours — they’re a big business. In 2019, mobile-first companies had a combined $544 billion valuation, 6.5x higher than those without a mobile focus.

In this Extra Crunch series, we help you keep up with the latest news from the world of apps, delivered on a weekly basis.

This week, we’re tracking the continued ramifications of the in-app purchases incident ignited by Basecamp, which has emboldened more developers to voice their gripes with Apple publicly in the past few days. The app stores are also this week enmeshed in the world of politics, ranging from the India-China border dispute to apps impacted by China’s big brother-esque regulations to the latest with Apple’s antitrust probe.

HEADLINES

Dozens of Chinese apps banned in India

In a major upset to mobile app businesses competing on a global stage, India this week blocked 59 apps developed by Chinese firms, due to concerns that the apps were engaging in activities that threatened the “national security and defense of India,” according to the Indian government.

The ban itself is a political power move as it follows deadly clashes between Indian and Chinese troops along the disputed Himalayan border in June, which led to the death of at least 20 Indian soldiers on June 16. (China didn’t disclose its casualties.) Indian government officials claimed they had received reports of the apps stealing and transmitting user data in an unauthorized manner to servers outside the country. This is what necessitated the ban, they said.

India’s move could prove to have larger repercussions, as it sets the stage for a world where Chinese internet companies are excluded from key markets. This isn’t something that’s limited to apps, of course. For instance, the U.S. is rallying its allies to stop using Huawei technologies for 5G. But China’s policies could mean its more successful apps, like TikTok, will lose key markets and therefore, forfeit revenue and power.

  • India’s ban threatens TikTok’s growth in a key market 

The move to ban the Chinese apps in India most notably impacts TikTok. India had been the app’s largest overseas market until now, with some 200M+ users across around 611M lifetime downloads. In the most recent quarter, TikTok and the 58 other banned apps combined had been downloaded around 330M times. The ban is estimated to impact roughly one in three smartphone users in India, according to research firm Counterpoint.

Google and Apple began to comply with New Delhi’s order on Thursday, to prevent Indian users from accessing the banned apps. In addition, India’s Department of Telecommunications ordered telecom networks and ISPs to block access to those 59 apps immediately.

Kevin Mayer, the chief executive of TikTok, said on Wednesday his app was in compliance with Indian privacy and security requirements and he was looking forward to meeting with various stakeholders in the Indian government to discuss.


Source: Tech Crunch

Tesla is taking reservations for its Cybertruck in China

Tesla has opened up reservations for its all-electric Cybertruck to customers in China, a move that will test the market’s appetite for a massive, futuristic truck.

The reservations page on Tesla’s China website was first posted in Reddit channel r/teslamotors by user u/aaronhry. Electrek also reported on the Reddit post.

The Cybertruck, which was unveiled in November at the Tesla Design Center in Hawthorne, Calif., isn’t expected to go into production until late 2022. But that hasn’t stopped thousands of U.S. consumers from plunking down a $100 refundable deposit for the truck. Just weeks after the official unveiling, Tesla CEO Elon Musk tweeted that there were 250,000 reservations for the vehicle.

Tesla is now testing potential interest among Chinese consumers.

It’s impossible to predict how many of these reservations — in China and the U.S. — will convert to actual sales. It will be more than a year before there are any answers. Tesla hasn’t even finalized its decision of where it will build the vehicle.

Musk tweeted in March that Tesla was scouting locations for a factory that would be used to produce Model Y crossovers for the East Coast market as well as the Cybertruck. At the time, Musk said that the factory would be located in the central part of the United States.

Initially, Tesla was eyeing Nashville and had been in talks with officials there. The company has since turned its attention to Austin and Tulsa. Talks in Austin have progressed rapidly and it appears likely that the factory will end up in a location just outside of the city, although Tulsa officials have been quick to note that talks with Tesla have continued there as well.

Tesla has said it will offer three variants of the Cybertruck. The cheapest version, a single motor and rear-wheel drive model, will cost $39,900, have a towing capacity of 7,500 pounds and more than 250 miles of range. The middle version will be a dual-motor all-wheel drive, have a towing capacity of more than 10,000 pounds and be able to travel more than 300 miles on a single charge. The dual motor AWD model is priced at $49,900.

The third version will have three electric motors and all-wheel drive, a towing capacity of 14,000 pounds and battery range of more than 500 miles. This version, known as “tri motor,” is priced at $69,900.


Source: Tech Crunch

R&D Roundup: Tech giants unveil breakthroughs at computer vision summit

Computer vision summit CVPR has just (virtually) taken place, and like other CV-focused conferences, there are quite a few interesting papers. More than I could possibly write up individually, in fact, so I’ve collected the most promising ones from major companies here.

Facebook, Google, Amazon and Microsoft all shared papers at the conference — and others too, I’m sure — but I’m sticking to the big hitters for this column. (If you’re interested in the papers deemed most meritorious by attendees and judges, the nominees and awards are listed here.)

Microsoft

Redmond has the most interesting papers this year, in my opinion, because they cover several nonobvious real-life needs.

One is documenting that shoebox we or perhaps our parents filled with old 3x5s and other film photos. Of course there are services that help with this already, but if photos are creased, torn, or otherwise damaged, you generally just get a high-resolution scan of that damage. Microsoft has created a system to automatically repair such photos, and the results look mighty good.


The problem is as much identifying the types of degradation a photo suffers from as it is fixing them. The solution is simple, write the authors: “We propose a novel triplet domain translation network by leveraging real photos along with massive synthetic image pairs.” Amazing no one tried it before!


Source: Tech Crunch

We need a new field of AI to combat racial bias

Since widespread protests over racial inequality began, IBM announced it would cancel its facial recognition programs to advance racial equity in law enforcement. Amazon suspended police use of its Rekognition software for one year to “put in place stronger regulations to govern the ethical use of facial recognition technology.”

But we need more than regulatory change; the entire field of artificial intelligence (AI) must mature out of the computer science lab and accept the embrace of the entire community.

We can develop amazing AI that works in the world in largely unbiased ways. But to accomplish this, AI can’t be just a subfield of computer science (CS) and computer engineering (CE), like it is right now. We must create an academic discipline of AI that takes the complexity of human behavior into account. We need to move from computer science-owned AI to computer science-enabled AI. The problems with AI don’t occur in the lab; they occur when scientists move the tech into the real world of people. Training data in the CS lab often lacks the context and complexity of the world you and I inhabit. This flaw perpetuates biases.

AI-powered algorithms have been found to display bias against people of color and against women. In 2014, for example, Amazon found that an AI algorithm it developed to automate headhunting taught itself to bias against female candidates. MIT researchers reported in January 2019 that facial recognition software is less accurate in identifying humans with darker pigmentation. Most recently, in a study late last year by the National Institute of Standards and Technology (NIST), researchers found evidence of racial bias in nearly 200 facial recognition algorithms.

In spite of the countless examples of AI errors, the zeal continues. This is why the IBM and Amazon announcements generated so much positive news coverage. Global use of artificial intelligence grew by 270% from 2015 to 2019, with the market expected to generate revenue of $118.6 billion by 2025. According to Gallup, nearly 90% of Americans are already using AI products in their everyday lives – often without even realizing it.

Beyond a 12-month hiatus, we must acknowledge that while building AI is a technology challenge, using AI requires non-software development heavy disciplines such as social science, law and politics. But despite our increasingly ubiquitous use of AI, AI as a field of study is still lumped into the fields of CS and CE. At North Carolina State University, for example, algorithms and AI are taught in the CS program. MIT houses the study of AI under both CS and CE. AI must make it into humanities programs, race and gender studies curricula, and business schools. Let’s develop an AI track in political science departments. In my own program at Georgetown University, we teach AI and Machine Learning concepts to Security Studies students. This needs to become common practice.

Without a broader approach to the professionalization of AI, we will almost certainly perpetuate biases and discriminatory practices in existence today. We just may discriminate at a lower cost — not a noble goal for technology. We require the intentional establishment of a field of AI whose purpose is to understand the development of neural networks and the social contexts into which the technology will be deployed.

In computer engineering, a student studies programming and computer fundamentals. In computer science, they study computational and programmatic theory, including the basis of algorithmic learning. These are solid foundations for the study of AI – but they should only be considered components. These foundations are necessary for understanding the field of AI but not sufficient on their own.

For the population to gain comfort with broad deployment of AI so that tech companies like Amazon and IBM, and countless others, can deploy these innovations, the entire discipline needs to move beyond the CS lab. Those who work in disciplines like psychology, sociology, anthropology and neuroscience are needed. An understanding of human behavior patterns and of biases in data generation processes is needed. I could not have created the software I developed to identify human trafficking, money laundering and other illicit behaviors without my background in behavioral science.

Responsibly managing machine learning processes is no longer just a desirable component of progress but a necessary one. We have to recognize the pitfalls of human bias and the errors of replicating these biases in the machines of tomorrow, and the social sciences and humanities provide the keys. We can only accomplish this if a new field of AI, encompassing all of these disciplines, is created.


Source: Tech Crunch

GGV’s Jeff Richards: ‘There is a level of resiliency in Silicon Valley that we did not have 10 years ago’

Earlier this week, GGV Capital’s Jeff Richards and Hans Tung joined TechCrunch for an Extra Crunch Live session. During our hour-long chat, we touched on startup profitability, the global venture capital scene, why GGV doesn’t have an office in Europe, how the venture industry is responding to its stark lack of diversity and other issues.

When it comes to useful bits of information, this was perhaps the most useful Extra Crunch Live discussion in which I’ve participated. One moment that stood out came early in the chat when we were talking about COVID-19-driven headwinds and tailwinds and how many startups might be in trouble. Richards said the following (emphasis via TechCrunch):

“You know, the one thing that’s been remarkable for me — I was in Silicon Valley as an entrepreneur in the ’99, 2000 dot-com bubble, and 9/11. I was here in ’08, ’09 — I think there is a level of resiliency in Silicon Valley that we did not have 10 years ago and 20 years ago. I don’t have data to point to that. But we have been saying now for a few months that we’ve been blown away at the level of maturity, calmness, perseverance [and] resiliency that our companies and the founders and management teams have. On an emotional level, it’s been very heartwarming, because you hope to back the kind of people that are building real companies that can withstand challenges.

I think the corollary to that is you’ve seen companies that raised a ton of money and were burning a ton of cash and weren’t building very good businesses, a lot of those frankly went under in Q1 or are going under now. They haven’t been able to raise more cash and they’re just kind of dead.”

Both Richards and Tung were positive about their own portfolio companies’ recent performance and financial health (cash position, really). But it appears that not only are their portfolios doing well, but other startups are a bit more solid than in previous downturns.

On the flip side, however, there is a separate cohort of startups that were running inefficiently before and are now perhaps unfundable. Reading both points in unison, it appears that the startup market is bifurcating between the companies that will come out of the COVID-19 era unwounded, and those that are suffering. And the companies that weren’t the most cash hungry probably have the highest chance of being in the first bucket.

There’s a lot more to get to. So hit the jump for the full video and audio, and a few more of the best bits from the transcript. (You can snag a cheap Extra Crunch trial here if you need one.)

Oh, and don’t forget to stay up to date on coming chats. There’s still a lot to do.

The full chat

Here’s the full video rewind. Our favorite bits of the transcript follow:


Source: Tech Crunch

As Q3 kicks off, four more companies join the $100M ARR club

Welcome back to our $100 million annual recurring revenue (ARR) series, in which we take irregular looks at companies that have reached material scale while still private. The goal of our project is simple: uncovering companies of real worth beyond how they are valued by private investors.




It’s all well and good to get a $1 billion valuation, call yourself a unicorn and march around like you invented the internet. But reaching material revenue scale means that, unlike some highly valued companies, you’re actually hard to kill. (And more valuable, and more likely to go public, we reckon.)

Before we dive into today’s new companies, keep in mind that we’ve expanded the type of company that can make it into the $100M ARR club to include companies that reach a $100 million annual run rate pace. Why? Because we don’t only want to collect SaaS companies, and if we could go back in time we’d probably draw a different box around the companies we are tracking.

$100M ARR or bust

If you need to catch up, you can find the two most recent entries in the series here and here. For everyone who’s current, today we are adding Snow Software, A Cloud Guru, Zeta Global and Upgrade to the club. Let’s go!

Snow Software

Just this week, Snow Software announced that it has crossed the $100 million ARR mark, according to a release shared with TechCrunch. The Swedish software asset management company has raised a few private rounds, including a $120 million private equity round in 2017. But, unlike many American companies that make this list, we don’t have a historical record of needing extensive private capital to scale.


Source: Tech Crunch

How Have I Been Pwned became the keeper of the internet’s biggest data breaches

When Troy Hunt launched Have I Been Pwned in late 2013, he wanted it to answer a simple question: Have you fallen victim to a data breach?

Seven years later, the data-breach notification service processes thousands of requests each day from users who check to see if their data was compromised — or pwned with a hard ‘p’ — by the hundreds of data breaches in its database, including some of the largest breaches in history. As it’s grown, now sitting just below the 10 billion breached-records mark, the answer to Hunt’s original question is more clear.

“Empirically, it’s very likely,” Hunt told me from his home on Australia’s Gold Coast. “For those of us that have been on the internet for a while it’s almost a certainty.”

Have I Been Pwned started out as Hunt’s pet project to learn the basics of Microsoft’s cloud, but it quickly exploded in popularity, driven in part by its ease of use, but largely by individuals’ curiosity.

As the service grew, Have I Been Pwned took on a more proactive security role by allowing browsers and password managers to bake in a backchannel to Have I Been Pwned to warn against using previously breached passwords in its database. It was a move that also served as a critical revenue stream to keep down the site’s running costs.

But Have I Been Pwned’s success should be attributed almost entirely to Hunt, both as its founder and its only employee, a one-man band running an unconventional startup, which, despite its size and limited resources, turns a profit.

As the workload needed to support Have I Been Pwned ballooned, Hunt said the strain of running the service without outside help began to take its toll. There was an escape plan: Hunt put the site up for sale. But, after a tumultuous year, he is back where he started.

Ahead of its next big 10-billion milestone mark, Have I Been Pwned shows no signs of slowing down.

‘Mother of all breaches’

Even long before Have I Been Pwned, Hunt was no stranger to data breaches.

By 2011, he had cultivated a reputation for collecting and dissecting small — for the time — data breaches and blogging about his findings. His detailed and methodical analyses showed time and again that internet users were using the same passwords from one site to another. So when one site was breached, hackers already had the same password to a user’s other online accounts.

Then came the Adobe breach, the “mother of all breaches” as Hunt described it at the time: Over 150 million user accounts had been stolen and were floating around the web.

Hunt obtained a copy of the data and, with a handful of other breaches he had already collected, loaded them into a database searchable by a person’s email address, which Hunt saw as the most common denominator across all the sets of breached data.

And Have I Been Pwned was born.

It didn’t take long for its database to swell. Breached data from Sony, Snapchat and Yahoo soon followed, racking up millions more records in its database. Have I Been Pwned soon became the go-to site to check if you had been breached. Morning news shows would blast out its web address, resulting in a huge spike in users — enough at times to briefly knock the site offline. Hunt has since added some of the biggest breaches in the internet’s history: MySpace, Zynga, Adult Friend Finder, and several huge spam lists.

As Have I Been Pwned grew in size and recognition, Hunt remained its sole proprietor, responsible for everything from organizing and loading the data into the database to deciding how the site should operate, including its ethics.

Hunt takes a “what do I think makes sense” approach to handling other people’s breached personal data. With nothing to compare Have I Been Pwned to, Hunt had to write the rules for how he handles and processes so much breach data, much of it highly sensitive. He does not claim to have all of the answers, but relies on transparency to explain his rationale, detailing his decisions in lengthy blog posts.

His decision to only let users search for their email address makes logical sense, driven by the site’s only mission, at the time, to tell a user if they had been breached. But it was also a decision centered around user privacy that helped to future-proof the service against some of the most sensitive and damaging data he would go on to receive.

In 2015, Hunt obtained the Ashley Madison breach. Millions of people had accounts on the site, which encourages users to have an affair. The breach made headlines, first for the breach, and again when several users died by suicide in its wake.

The hack of Ashley Madison was one of the most sensitive entered into Have I Been Pwned, and ultimately changed how Hunt approached data breaches that involved people’s sexual preferences and other personal data. (AP Photo/Lee Jin-man, File)

Hunt diverged from his usual approach, acutely aware of its sensitivities. The breach was undeniably different. He recounted a story of one person who told him how their local church posted a list of the names of everyone in the town who was in the data breach.

“It’s clearly casting a moral judgment,” he said, referring to the breach. “I don’t want Have I Been Pwned to enable that.”

Unlike earlier, less sensitive breaches, Hunt decided that he would not allow anyone to search for the data. Instead, he purpose-built a new feature allowing users who had verified their email addresses to see if they were in more sensitive breaches.

“The purposes for people being in that data breach were so much more nuanced than what anyone ever thought,” Hunt said. One user told him he was in there after a painful break-up and had since remarried but was labeled later as an adulterer. Another said she created an account to catch her husband, suspected of cheating, in the act.

“There is a point at which being publicly searchable poses an unreasonable risk to people, and I make a judgment call on that,” he explained.

The Ashley Madison breach reinforced his view on keeping as little data as possible. Hunt frequently fields emails from data breach victims asking for their data, but he declines every time.

“It really would not have served my purpose to load all of the personal data into Have I Been Pwned and let people look up their phone numbers, their sexualities, or whatever was exposed in various data breaches,” said Hunt.

“If Have I Been Pwned gets pwned, it’s just email addresses,” he said. “I don’t want that to happen, but it’s a very different situation if, say, there were passwords.”

But those remaining passwords haven’t gone to waste. Hunt also lets users search more than half a billion standalone passwords to see if any of their own have also landed in Have I Been Pwned.

Anyone, even tech companies, can access that trove, which he calls Pwned Passwords. Browser makers and password managers, like Mozilla and 1Password, have baked-in access to Pwned Passwords to help prevent users from using a previously breached and vulnerable password. Western governments, including the U.K. and Australia, also rely on Have I Been Pwned to monitor for breached government credentials, which Hunt also offers for free.

“It’s enormously validating,” he said. “Governments, for the most part, are trying to do things to keep countries and individuals safe — working under extreme duress and they don’t get paid much,” he said.

Hunt recognizes that Have I Been Pwned, as much as openness and transparency are core to its operation, lives in an online purgatory in which, under any other circumstances (especially in a commercial enterprise), he would be drowning in regulatory hurdles and red tape. And while the companies whose data Hunt loads into his database would probably prefer otherwise, Hunt told me he has never received a legal threat for running the service.

“I’d like to think that Have I Been Pwned is at the far-legitimate side of things,” he said.

Others who have tried to replicate the success of Have I Been Pwned haven’t been as lucky.

“There have been similar services that have popped up,” said Hunt. “They’ve been for-profit — and they’ve been indicted,” he said.

LeakedSource was, for a time, one of the largest sellers of breach data on the web. I know, because my reporting broke some of their biggest gets: music streaming service Last.fm, adult dating site AdultFriendFinder, and Russian internet giant Rambler.ru to name a few. But what caught the attention of federal authorities was that LeakedSource, whose operator later pleaded guilty to charges related to trafficking identity theft information, indiscriminately sold access to anyone else’s breach data.

“There is a very legitimate case to be made for a service to give people access to their data at a price.”

Hunt said he would “sleep perfectly fine” charging users a fee to access their data. “I just wouldn’t want to be accountable for it if it goes wrong,” he said.

Project Svalbard

Five years into Have I Been Pwned, Hunt could feel the burnout coming.

“I could see a point where I would be if I didn’t change something,” he told me. “It really felt like for the sustainability of the project, something had to change.”

He said he went from spending a fraction of his time on the project to well over half. Aside from juggling the day-to-day — collecting, organizing, deduplicating and uploading vast troves of breached data — Hunt was responsible for the entirety of the site’s back office upkeep — its billing and taxes — on top of his own.

The plan to sell Have I Been Pwned was codenamed Project Svalbard, named after the Norwegian seed vault that Hunt likened Have I Been Pwned to, a massive stockpile of “something valuable for the betterment of humanity,” he wrote announcing the sale in June 2019. It would be no easy task.

Hunt said the sale was to secure the future of the service. It was also a decision that would have to secure his own. “They’re not buying Have I Been Pwned, they’re buying me,” said Hunt. “Without me, there’s just no deal.” In his blog post, Hunt spoke of his wish to build out the service and reach a larger audience. But, he told me, it was not about the money.

As its sole custodian, Hunt said that as long as someone kept paying the bills, Have I Been Pwned would live on. “But there was no survivorship model to it,” he admitted. “I’m just one person doing this.”

By selling Have I Been Pwned, the goal was a more sustainable model that took the pressure off him, and, he joked, the site wouldn’t collapse if he got eaten by a shark, an occupational hazard for living in Australia.

But chief above all, the buyer had to be the perfect fit.

Hunt met with dozens of potential buyers, many in Silicon Valley. He knew what the buyer would look like, but he didn’t yet have a name. Hunt wanted to ensure that whoever bought Have I Been Pwned upheld its reputation.

“Imagine a company that had no respect for personal data and was just going to abuse the crap out of it,” he said. “What does that do for me?” Some potential buyers were driven by profits. Hunt said any profits were “ancillary.” Buyers were only interested in a deal that would tie Hunt to their brand for years, buying the exclusivity to his own recognition and future work — that’s where the value in Have I Been Pwned is.

Hunt was looking for a buyer with whom he knew Have I Been Pwned would be safe if he were no longer involved. “It was always about a multiyear plan to try and transfer the confidence and trust people have in me to some other organizations,” he said.

Hunt testifies to the House Energy Subcommittee on Capitol Hill in Washington, Thursday, Nov. 30, 2017. (AP Photo/Carolyn Kaster)

The vetting process and due diligence were “insane,” said Hunt. “Things just drew out and drew out,” he said. The process went on for months. Hunt spoke candidly about the stress of the year. “I separated from my wife early last year around about the same time as the [sale process],” he said. They later divorced. “You can imagine going through this at the same time as the separation,” he said. “It was enormously stressful.”

Then, almost a year later, Hunt announced the sale was off. Barred from discussing specifics thanks to non-disclosure agreements, Hunt wrote in a blog post that the buyer, whom he was set on signing with, made an unexpected change to their business model that “made the deal infeasible.”

“It came as a surprise to everyone when it didn’t go through,” he told me. It was the end of the road.

Looking back, Hunt maintains it was “the right thing” to walk away. But the process left him back at square one without a buyer and personally down hundreds of thousands in legal fees.

After a bruising year for his future and his personal life, Hunt took time to recoup, clamoring for a normal schedule after an exhausting year. Then the coronavirus hit. Australia fared lightly in the pandemic by international standards, lifting its lockdown after a brief quarantine.

Hunt said he will keep running Have I Been Pwned. It wasn’t the outcome he wanted or expected, but Hunt said he has no immediate plans for another sale. For now it’s “business as usual,” he said.

In June alone, Hunt loaded over 102 million records into Have I Been Pwned’s database. Relatively speaking, it was a quiet month.

“We’ve lost control of our data as individuals,” he said. But not even Hunt is immune. At close to 10 billion records, Hunt has been ‘pwned’ more than 20 times, he said.

Earlier this year Hunt loaded a massive trove of email addresses from a marketing database — dubbed ‘Lead Hunter’ — some 68 million records fed into Have I Been Pwned. Hunt said someone had scraped a ton of publicly available web domain record data and repurposed it as a massive spam database. But someone left that spam database on a public server, without a password, for anyone to find. Someone did, and passed the data to Hunt. Like any other breach, he took the data, loaded it in Have I Been Pwned, and sent out email notifications to the millions who have subscribed.

“Job done,” he said. “And then I got an email from Have I Been Pwned saying I’d been pwned.”

He laughed. “It still surprises me the places that I turn up.”

Source: Tech Crunch