Skip to content

General

116 results found

  1. I wish there was a "View More" feature for "Recently Added Breaches"

    It would be nice to have a View More feature in the Recently added breaches tab on the home page. I wish I could see up to 100.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. An account system

    (request 1/2) I feel like it would be nice to rather than ask for updates through all of your emails, it would be nice to group all your emails together into an account and have them all send to an email of your choice

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Provide an API endpoint for domain verification

    Currently to verify a domain for domain searches it must be done manually via a web interface. It would be extremely useful for use cases web hosting services/MSP's to be able to verify domains via an API so DNS verification + domain searches can be done automatically

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Differentiate hashed and plaintext passwords in the data classes

    Split the "Passwords" data class into "Hashed Passwords" and "Plaintext Passwords", or simply add the new types. This would allow for different actions to be taken based on the breach data. I think the plaintext identifier would be more important as a flag, and it should be used to also signify easily resolved hashes. (Maybe Passwords is the current hashed/encrypted/plain, and Plaintext is when text has been recovered)

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. CURL script for documentation

    The API call documentation is not clear. Can you guys just use CURL command line for documentation or Postman?

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Add a "Notes" Column

    Add a editable "Notes" column to the Successfully verified domains table.

    For example, we'd like to add a Client description. This is so that when they need to be removed from HIBP Portal. We can ensure we remove all domains related. Without this, the portal becomes difficult to manage large amounts of clients.
    It would be nice to see a "domain date added" column too.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. different Payment methods,

    Since Creditcard is not commonly used in some parts of the world, adding PayPal for example could create Access for more Companies.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Implement test API Key for automated domain search tests

    I've created a little python tool that queries the hibp domain search for verified domains and breaches related to aliases of this domain. It then saves them to a csv-file.

    Link to the project: https://github.com/security-companion/hibp-harvester

    In order for better quality I would like to add automated testing via github actions. So my question is if you could provide a test-API key that has some domains subscribed with some breaches in the aliases so that I could query these and by this make sure code is still good when I change something.

    For creating the tool I made a subscription and…

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Ignore pastes over two years old

    Ignore pastes that are I suggest more than two years old if the email address hasn't been pwned in that time as it's highly unlikely to become pwned after that time. Leaving it in for a pwned account gives a clue to the source of becoming pwned

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Breach and the accounts on your domains through API

    When there is a breach we get an email with the number of accounts for ur domains, then I can use the API to get the breacheddomain. But then I get alle the breaches for that domain, and I want to get only a specifiek breach. So you can search on domein and breach and then get the accounts regarding this.

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Provide an OpenAPI specification

    When a user would like to leverage your API having it advertised in the OpenAPI format make it very easy to understand and leverage.

    There are tool in development which allow the automatic generation of a code based on this spec: https://github.com/OpenAPITools/openapi-generator

    An example of a spec can be seen at https://developer.shodan.io/api. It can be written in json or yml. Here is an example of it in json: https://developer.shodan.io/api/openapi.json

    It allows the creation of attractive interactive docs which can be used to execute the api directly.

    It can be edited and validated in a number of ways
    - online…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Add payment methods to allow payment by invoice / purchase order

    Some businesses do not allow purchase by card

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Authorize Domain by API

    Add API Functions to Authorize by TXT records to the API.
    The way I'd do it would be to add an endpoint to view the TXT Record details you need to add... then a second endpoint to verify the TXT Record is valid...

    Abuse Mitigations are pretty easy, cap max hits/min to the second Endpoint as it has to perform DNS lookups to do it.
    And the first endpoint can't really be abused anyway as no doubt you combine the user's email plus the domain to get the hash in the TXT record... so that's a nothing function.

    This will…

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Add Telegram Bot

    Add a official Telegram Bot to receive updates directly from Telegram about phone numbers (actually not present) and emails that are leaked.

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Add a "Get all pastes for a domain" API endpoint

    Currently, HIBP offers a "Get all breached email addresses for a domain" API endpoint and a "Get all pastes for an account" endpoint, but no endpoint exists to search for all pastes for a domain.

    The domain search API endpoint is incredibly efficient (especially for enterprise customers), but it does not return known pastes for each account. This can be very painful for multiple reasons (not limited to):

    1.) Just because an account has NOT been seen in a third-party breach tracked by HIBP does NOT mean it hasn't been seen in a paste. This means we are seeing an…

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. I don't know how to 'search sensitive breaches'. I am subscribed. I'm talking about the option listed underneath search results

    So, 1- I got a notification from MyIDCare recently about a breach found Dec 16, 2023. Usually I get a 'pwned' notice as well, but this time I didn't. Just fyi.

    2- When I searched my email pwned gave me the results, and underneath there was an option to 'subscribe to search sensitive breaches'. I am subscribed. I looked around for a search breaches option, but I don't see anything. I assume this is a different function that the main 'search my email' function on the home page. Because you don't need to be subscribed to do that. I assumed…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Domain Search Spam Filtering or Sorting

    After running a domain search there is some instances that you have a small number of "Addresses Excluding Spam" and a very high number of "All Breached Addresses".

    It would be super useful to be able to sort by Spam or Excluding Spam Addresses.
    Maybe a dropdown or a tickbox to be able to filter out the spam breached addresses.

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Add an API to get the most recent breach date by account/email

    On my website, I'd like to detect if the user's password has been recently breached so I can ask them to reset their password. It would be easy if there is an endpoint that given an account/email returns a single timestamp or breached date of the most recent breach if there is one.

    With the current API, the only way to achieve this is to use the v3 breachedaccount API with the option truncateResponse set to false. The untruncated response body of the endpoint is quite large. On top of that, I'd have to deserialize the response to JSON then…

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. Developer mailinglist to notify of API changes

    As a developer & maintainer of a HIBP package / library, keeping it up to date currently requires constantly checking the API documentation in its entirety to discover any changes. This isn't always obvious and inefficient.

    I would like to see either a mailing list that developers can subscribe to, or some other kind of notification (at minimal, at least a public changelog that can be read, but preferably something that would alert to the fact that changes have been made) that can be easily parsed to determine:

    1. If there have been any changes to the API
    2. What those changes…
    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. Add test emails with recent breaches.

    https://haveibeenpwned.com/API/v3 documentation lists test emails but they have old breaches.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
← Previous 1 3 4 5 6
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base