General

  1. Badges!

    Would be amusing to have an hibp breach count badge next to peoples usernames on blogs/etc. alongside their twitter badge, SO scores, etc.. Might help to raise awareness of hibp.

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. API access: Recurring yearly payment

    This would help us alot as a company. Doing monthly bill mapping with a corporate creditcard is not working for us :-)

    171 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    23 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add SSH leaked keys

    We believe the future of credentials checking goes beyond just password, and integrating SSH key checking would add lots of value to www.haveibeenwned.com.
    SSH keys are also sensitive credentials that are increasingly exploited by attackers in our research findings. We are willing to share our up-to-date SSH leaked key database with www.haveibeenwned.com.

    65 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Create different pricing for different rate limits

    Right now there is a 1.5-second delay time b/w request, which is a long delay wait-time for us.
    Currently, we have to thread multiple API keys together to decrease the rate limit, though we'd rather only have to use one and pay a bit extra.
    It would be very helpful if we could pay extra to have a lower rate limit (e.g. think tiers for rate limits maybe?)

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  5. add CERT@<domain> for verification email on domain searches

    able to let a verification email send to cert@<domain> send

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add the “Notify Me” element to API functionality

    Add the “Notify Me” element to API functionality so that people can be automatically added to the monitoring (as well as the one off checks)

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Due diligence search on prospective service domains

    Add the ability to search for historical breach information against a prospective service domain (Facebook, linkedin, firefly.ai) that may have been breached. This feature would be very handy as part of a due diligence operation prior to using that service

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. user submission of phish mails that charge bitcoin ransom by putting old password in subject

    i got yet another mail with the same template of putting one of my previously used passwords that have been potentially obtained from one or more breaches.
    there has to be a secure process that hibp can build for users if they can responsibly reset all the site logins where that password is used and maybe make hibp aware that there are breaches from where these credentials are obtained and perhaps get a way to be alerted to. user may take a decision if they want to continue with the service that was breached, regardless of changing the password.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add MostRecentDate to Domain Search results

    When viewing Domain Search results, it would be helpful to have column containing the date of their most recent appearance in a breach data set. This would help prioritize password changes if the search results are larger.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Table view for breach list

    It would be nice to have an option to show the list of breaches for a particular e-mail address in table form with 1 row per breach and 1 column per piece of information involved (username, e-mail, name, dob, socio-economic, ssn, etc.) with maybe a score for how egregious the underlying issue was (plaintext/unsalted md5, etc.) and/or how sophisticated the attack was.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. https://gitlab.com/ronaldoats/combos.vip-live.com

    List of users and passwords 2,436,867 accounts

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Options to Recover Hacked accounts

    Ive been hacked on 3 personal computers, 1 Verizon phone and 2 burner phones almost immediately after activating them. It all happened at the same time. Then the burners 2 days in a row.
    WTF is the point? Even my truck is hacked? Who hacks new phones so obviously with 0 information?
    They hacked a 4th computer which is a corporate laptop for I'm a Fortune 500 company. "They got a little cocky with that one." Is anything available to recover several email accounts, photo galleries, apps, ect. That use the same email address?
    They grouped photos and videos of…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. Free Developer Access to Paid API

    I suggest dev access.
    Either by access to fake data, or by minimum access, some results based on a rank.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Microsoft flow integration for a domain

    An integration with Microsoft flows for a domain would be excellent. Something that would query the tenant for live or past emails in a domain and automatically notify the users about the breach.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Accept donation via Bitcoin SV which has very low tx fees. It is very easy with www.moneybutton.com/config or docs.relayx.io

    Accept donation via Bitcoin SV which has very low tx fees. It takes only a few minutes with www.moneybutton.com/config or docs.relayx.io

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Update Zygna.com data breach information

    I've just been informed that the Zygna.com data breach included my phone number. Which, makes sense, since it is usually installed on mobile devices. You don't list phone numbers are part of the data breach.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. add icons for passwords and credit card numbers in report

    Since breaches of passwords and credit card numbers are so much worse than any other breaches, it would be great if you added icons to the Pwned sites column in the report. That is it would say:

    Adobe, Forbes🔑, Vodaphone💳, Zomato🔑

    This allows people to focus on the most important issues first. Dates would help in this regard:

    Adobe 2013, Forbes🔑2014, Vodafone💳2013, Zomato🔑2017

    This isn't adding any information you don't already have, just making it more convenient.

    (The emoji are 🔑 U+1F511 or🗝️ U+1F5DD and 💳 U+1F4B3.)

    Thanks for providing this great service!

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Offer an option to inform where you have been compromised

    offer an option to inform where you have been compromised - Chemist Direct login and password details exposed via email. These were correct.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. allow the pwnd password query to show the sites/breaches the password was included in?

    I have a relatively unusual password that I used to use widely. However, I stopped doing that years ago. It currently shows up in 6 breaches. I would love to know which sites still have it so that I can check/resurrect those accounts.

    59 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base