Have I Been Pwned now supports MSPs in several paid tiers
MSPs can now access HIBP offering to help mitigate cyber breaches for their customers.
Popular cybersecurity Have I Been Pwned (HIBP) has recently expanded its offerings to include supporting MSP monitoring.
In a blog post, Troy Hunt, CEO and founder at HIPB noted that MSPs can’t take the idea and create a competing product.
“But they can absolutely add it to the offerings they provide to their own customers,” he said.
Hunt, who is Aussie-based and a Microsoft Regional Director told CRN Australia they didn't explicitly allow MSPs in the past as “they didn't want one simple service that's only one-hundred-something bucks a month to be applied across a huge number of domains belonging to multiple customers”.
“Domain searches can hit us pretty hard in terms of resource use and cost and whilst you could add unlimited domains to a subscription, allowing MSPs could hurt,” he said.
Hunt added that the only thing that stopped MSPs was terms and conditions. Which he said, “most people don't read anyway.”
Previously, the terms and conditions stated: “The benefit of a third party (including for use by a related entity or for the purpose of reselling or otherwise making the Services available to any third party for commercial benefit).”
They have now been updated with this additional clause, “unless you have purchased a Paid Service which expressly allows you to do so.”
Hunt said, “We can offer the service to [MSPs] now because we have hard caps on the number of domains a subscription can have which gives us some insurance against things getting out of control.”
Prior to the update, Hunt said MSPs would bundle their services into their existing offerings.
“So for example, they do ongoing threat analysis for customers and exposures noted in HIBP is just one part of the service,” he stated.
Hunt and his team saw an increasing number of requests from through their ticketing system from MSPs.
“We could see it in the data that MSPs were using the previous service (i.e. subscriptions monitoring lots of different domains from different orgs),” he said.
Hunt said he doesn’t expect MSPs to contribute any significant new revenue.
“They're ultimately a small portion of the existing subscriber base but given we've limited them to the Pro plans, we will see higher revenue on a per-customer basis for MSPs,” he said.
For Hunt, the “big trick” for them is to try and make the data more consumable.
“Particularly for bigger orgs and MSPs who need to trawl through so much of it,” he explained.
“Ultimately, to goal is to put as much information as possible in the hands of orgs who can use it to make meaningful changes to their security posture.”
New features for paid tiers
Allowing MSPs into the fold also coincides with HIBP updating its plans bringing four tiers to subscribers, Core, Pro, High RPM, and Enterprise.
Managed service providers can now access Pro and High RPM.
Some of the new features that MSPs can now use include, automating domain verification, and auto-verifying subdomains.
For future updates, Hunt is working on bringing HIBP into the agentic AI era.
“We've got a bunch of stuff in the works to help make the data more accessible to AI agents which will be really useful for MSPs,” he said.
“It'll mean they can much more easily prepare meaningful reports for their customers and turns what's previously been pretty raw data into more insightful intelligence.”
According to Hunt, HIBP supports hundreds of thousands of website visitors each day, tens of millions of API queries, and hundreds of millions of password searches.