Philippines joins Have I Been Pwned government monitoring program

The Philippine government has become the 46th national government to join the free government monitoring service of Have I Been Pwned (HIBP), according to cybersecurity researcher Troy Hunt.

The initiative gives the Philippines’ National Computer Emergency Response Team (National CERT), working with the Department of Information and Communications Technology (DICT), access to tools that can monitor official government domains for accounts exposed in known data breaches.

In a blog post published Wednesday, Hunt said the DICT’s Cyber Threat Intelligence and Monitoring Section can now identify government email addresses that appear in newly discovered data breaches and take action before attackers exploit the exposed credentials.

The service allows government cybersecurity teams to monitor credential exposure across government domains, receive alerts when new breaches are added to the HIBP database, and query affected domains through an application programming interface (API).

According to Hunt, the goal is to help governments reduce the risks associated with compromised accounts and strengthen cyber defenses across the public sector.

The Philippines joins a growing list of governments worldwide that use HIBP as part of their cybersecurity monitoring efforts. Similar programs have recently been adopted by Bangladesh, Bhutan, the Bahamas, and Costa Rica.

What is Have I Been Pwned?

Have I Been Pwned, commonly known as HIBP, is a free online service created by Troy Hunt that allows individuals and organizations to check whether their email addresses, usernames, or passwords have appeared in publicly known data breaches. The term “pwned” is internet slang meaning that a person or account has been compromised.

Users simply enter their email address on the HIBP website. The service then checks its database of breach records and reports whether that email address was found in any known incident. If it was, users can see which breach exposed their information and take steps such as changing passwords, enabling multi-factor authentication, and monitoring affected accounts.

For organizations and governments, HIBP offers monitoring services that automatically alert administrators when email addresses from their domains appear in newly disclosed breaches. This enables faster response to compromised credentials and helps reduce the risk of account takeovers and credential-stuffing attacks.

Cybersecurity practitioners generally regard HIBP as one of the most trusted public resources for checking exposure in data breaches. It is widely used by governments, security teams, and ordinary internet users worldwide.

For Filipinos, the announcement means that government cybersecurity teams now have an additional tool to detect exposed government accounts before they can be abused by cybercriminals, helping strengthen the country’s overall cyber defense posture.