General

  1. allow the pwnd password query to show the sites/breaches the password was included in?

    I have a relatively unusual password that I used to use widely. However, I stopped doing that years ago. It currently shows up in 6 breaches. I would love to know which sites still have it so that I can check/resurrect those accounts.

    38 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. add icons for passwords and credit card numbers in report

    Since breaches of passwords and credit card numbers are so much worse than any other breaches, it would be great if you added icons to the Pwned sites column in the report. That is it would say:

    Adobe, Forbes🔑, Vodaphone💳, Zomato🔑

    This allows people to focus on the most important issues first. Dates would help in this regard:

    Adobe 2013, Forbes🔑2014, Vodafone💳2013, Zomato🔑2017

    This isn't adding any information you don't already have, just making it more convenient.

    (The emoji are 🔑 U+1F511 or🗝️ U+1F5DD and 💳 U+1F4B3.)

    Thanks for providing this great service!

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. API access: Recurring yearly payment

    This would help us alot as a company. Doing monthly bill mapping with a corporate creditcard is not working for us :-)

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. 9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Sort pwned sites by date

    HI Can you sort pwned sites by date rather than alphanumeric - most recent discoveries first?

    45 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  6. Mark Wii U ISO as a sensitive breach

    Wii U ISO is a site that hosts illegal downloads of pirated video games. This include Roms & ISOs for Nintendo Switch, Wii U, and 3DS. The ability to upload or download games is only available for registered users.

    Because having an account could link users to illegal software piracy, I would like to propose adding it to the list of sensitive breaches.

    (Arguably, emuparadise should be marked as sensitive, as they previously distributed illegal ROMs)

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Provide localised language versions

    IMO, HIBP is so useful that every single person in the world should have it bookmarked and all companies should monitor their domains accounts using it. Some users in our company use their business email address to create accounts in several websites, and thanks to HIBP our IT team is warned when one of them is pwned.
    We thought it would be a great idea to tell everyone about HIBP so they could verify and monitor their own personal accounts, so we did it by sending an email telling about HIBP to everyone in the company. Everyone was able to…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  8. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Anonymous statistics about the collected data

    Just to satisfy our hunger for data and curiosity about lists of all kinds of things, it would be interesting if the massive amount of data HIBP was processed to produce new data. It doesn't need to be searchable like Shodan's or GreyNoise's (while this would be amazing we don't need to think too much to understand the implied risks) and should not disclose sensitive information, but even with this limitation in the way it would be presented to the public (and keeping in mind the growing adoption of GDPR and similar regulations around the world), there are several processing…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add % of p0wn count already in DB as new field in API

    EG; https://twitter.com/haveibeenpwned/status/1180912324644888576 '87% of addresses were already in @haveibeenpwned'. In this case 87% of the 988k records were already in the DB. I can see the PwnCount, but not the % that was already in the DB, that's the attribute I'd like to be doing some querying on.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add search passwords by a hash value

    Let users use pre-generated hash values to search. Yeah, I know you calculate hashes of typed passwords on a client side, but some people still prefer not to type their password on 3rd party sites.

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Unable to generate new api key 21/08/19

    Is there an issue with generating API keys right now? I'm unable to get a key receiving an error:
    An error occurred while processing your request
    The error has been logged and a notification sent.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  13. Increase contrast in the footer

    In the footer, there is the text "A troyhunt.com project" and 3 icons underneath it. These are very hard to see, especially the text. Please increase their contrast with the background

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Don't show pastes just by providing the e-mail address before verifying it's the actual owner

    Right now just by providing an e-mail address you can get pastes with plain password for that address. I can see how this can be abused. Could You implement some kind of verification that it's the actual owner of the e-mail? For example, sending an email which leads to a list of pastes where the password was found.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Report as an email containing additional details

    if the email address matches the username, provide associated data elements that have been breached. These could be as follows..
    1. plain-text passwords, password hashes associated with the email add.
    2. other PII .. address, phone#, IP, etc.

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  16. Provide visibility of email addresses subscribed for domains

    Provide visibility and manageability of email addresses subscribed for domains to ensure only appropriate people are receiving notifications.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Send enrollment email upon valid domain verification

    I successfully enrolled in domain search, but never got a confirmation message. Now when I forget whether or not I've enrolled my domain in a year (as will surely happen), I have no way of knowing if I'm just repeating efforts.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add Domain Connect to the "Verify by domain TXT record" method

    This way TXT record can be added automatically at GoDaddy, 123reg, 1&1 IONOS and few others. See https://www.domainconnect.org/dns-providers/

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Filter breaches by "AddedDate"

    Add a date filter to the api/breachedaccount/{account} endpoint.

    In this way, we can only query breaches that were added after X date. This is helpful for notifications and reduces the amount of data we retrieve.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  20. Remove captcha from the domain page

    Captcha is grotesequely unfair on people that have learning disabilities and is preventing me from properly using your service.
    Find an anti-robot mechanism that doesn't penalise real people with real problems.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base