HIBP runs on a hybrid of platforms and services, most notably:
- Microsoft Azure: App services, "serverless" Functions, API Management Services (APIM), SQL Server and Azure Storage (blobs, tables and queues)
- Cloudflare: DNS, Reverse proxy, Web Application Firewall (WAF), R2 Storage, Workers
In addition, we make use of other third-party services, including SendGrid for transactional email, Stripe for payment processing and Zendesk for support tickets and the service running this knowledge base. There is extensive publicly available information on the architecture of various HIBP services, most notably under the Have I Been Pwned tag on troyhunt.com.
HIBP does not produce or distribute formal ITIL-style service management documentation such as a Business Continuity Plan (BCP), Recovery Time Objective (RTO) statement, or detailed backup run-books. The service is operated by a very small team with an emphasis on leveraging resilient cloud-native services and multiple independent providers rather than maintaining traditional enterprise governance documents.
That said, there are several important factors to highlight about continuity and resilience:
Backups and Redundancy
Azure SQL Database: Built-in geo-replication and point-in-time restore capabilities provide resilience against both data loss and service failures.
Azure Storage (blobs, tables, queues): Data is replicated within Azure regions with options for geo-redundancy.
Cloudflare R2: Provides durable, S3-compatible object storage used for static assets and resilience across geographies.
Recovery and Resilience
Platform Services: App Services, Functions, and APIM run on Azure’s globally distributed infrastructure with built-in failover and scaling.
Multi-provider architecture: DNS, WAF, email, payments, and support each run on independent providers, reducing single-vendor dependency.
Stateless workloads: Most HIBP services are designed to be redeployed rapidly from source control and infrastructure as code.
Business Continuity
Minimal single points of failure: Core services are distributed across Azure and Cloudflare.
Public transparency: In the event of major service incidents, updates are communicated promptly via @troyhunt on X and other public channels.
Operational pragmatism: As a small, independent service, HIBP focuses on practical resilience strategies rather than enterprise paperwork.
Disclosure of Further Information
The details above and in the previously mentioned blog posts represent the full extent of information made publicly available about HIBP’s resilience and continuity practices. No additional documentation, diagrams, or internal processes are shared beyond this point. This ensures the balance between transparency and security while keeping operational details appropriately safeguarded.