General
121 results found
-
Improve Domain Verification UX — Allow Pending State and Re-Verification Instead of Immediate Failure
Description
When adding a new domain for monitoring via DNS TXT record, the verification fails immediately if the record hasn’t propagated yet. The modal shows:
“The TXT record was not found, you may need to allow some more time for DNS to propagate between adding it then verifying.”
After that, the domain doesn’t appear anywhere in the dashboard — there’s no “pending verification” state, no option to retry verification later, and each new attempt generates a new TXT record.
This means you can’t verify a domain that takes longer to propagate unless you keep the modal open for hours and…
10 votes -
Make an extension that checks if the website has got a data breach
Make an extension that tells a client that the current domain name has been recently breached by data miners and/or hackers, making sure the people searching are aware of the dangers that have occurred recently. As a side suggestion to this, tell the searcher that it is recommended for them to change their password.
3 votes -
My eyes may have heard:
Fellow brethren Hackers/ Ptesta's bounty hunters as we know there are so many Hack sites and forums populated by both ethical/ethi.What talents. with posts of such ingenuity, answers with flowchart overly detailed methods, Code meticulously presented with running commentary explaining process an outside observer would go hey? is that even legal labelling mystery poster definite threat actor until his next post countering every shady suggestion and code with same or greater force. Comments AND likes aplenty. "Siren for silent hill indicating reply New member of 9 days avatar black hooded u/n c14T4_L012c1 reads "exactly like poorsupplychain.moc less than 72 hours…
1 vote -
The possibility to be able to exclude certain email addresses from future findings
As we have a lot of students I get quite a few notifications about breaches. Sadly I get notifications about accounts that have not existed within the organisation for over 10 years already. Yet the account details keep showing up in new breaches that seem to be selling extremely old details.
I can totally understand that you do not want to remove the count of the amount of breaches found. But it would be nice to be able to mute new findings for accounts that no longer exist. That saves us going through long lists of accounts every breach. While…
6 votes -
Allow additional emails in a dashboard
I use a personal domain for most of my email, but also have an address on gmail to use Google services. The current HIBP dashboard system allows me to add multiple domains, but it does not allow me to add an individual address at a domain I do not control. This is inconvenient. Please let us add personal addresses to our dashboard so that we can see all of our information in one place.
6 votes -
Navigation on Dashboard
On the Personal Dashboard, Overview tab, there are 2 boxes: Data Breaches and Pastes. Mousing over these boxes highlights them (they subtly change colour) but there's no action on clicking them. Wouldn't it be better if clicking these navigated to https://haveibeenpwned.com/Dashboard#Breaches and https://haveibeenpwned.com/Dashboard#StealerLogs respectively?
From a UX point of view that's what I was expecting to happen.
Similarly on Business Overview - I would expect Domains Monitored to navigate to https://haveibeenpwned.com/Dashboard#Domains
1 vote -
1 vote
-
CNAME records for domain verification
It would be nice if you could allow for using CNAME records for domain verification.
Example:
hibp_s8stqti7w56477ulmvzid31k IN CNAME verify.haveibeenpwned.com
This way we can avoid polluting our domain apex with even more TXT records.
7 votes -
discord data breach
This has been breached around Oct 3
4 votes -
Allow back button when going from domain back to list
When you are on this page: https://haveibeenpwned.com/Dashboard#Domains
And you click on a domain search icon, you cannot use the back button (or mouse back button) to go back.
Should be an easy fix by pushing the domain into part of the next page address into the URL history.
2 votes -
Vtenext Data Breach
I saw a recent suggestion regarding the inclusion of the Vtenext data breach that affected Dolomiti Energia and Sorgenia.
To assist you in validating and adding this breach, I believe I have located links on the dark web and a public breach tracking site that appear to host or reference the leaked data.
I recommend you investigate the following links:
- Dark Web Forum Post:
https://darkforums.st/member.php?action=profile&uid=7728 (KaruHunters)
- Public Breach Tracking:
https://hackeralert.it/index.php?page=entryDetails&id=130576
I hope this information is helpful in expediting the process of adding this significant breach to Have I Been Pwned? for the benefit of the affected Italian users.
2 votes -
Permit multiple addresses to be searched at one time
Allow multiple email addresses from different (or same) domains to be searched at one time. I have multiple email addresses myself and manage email addresses for various other activities e.g. supporting my elderly mother and charitable work.
5 votes -
Include actual API name of breach...
Please include the actual API name of the breach next to the word 'Permalink' on your 'Who's Been Pwned' page so that it can be 'CTRL-F' searched on the page. It's not always exactly the same as the common name for the data leak.
1 vote -
Have a way to search a company and see if there is a data breach, also even if there isn't a current one maybe the history with said company
Have a way to search a company and see if there is a data breach, also even if there isn't a current one maybe the history with said company
1 vote -
An account system
(request 1/2) I feel like it would be nice to rather than ask for updates through all of your emails, it would be nice to group all your emails together into an account and have them all send to an email of your choice
3 votes -
Differentiate hashed and plaintext passwords in the data classes
Split the "Passwords" data class into "Hashed Passwords" and "Plaintext Passwords", or simply add the new types. This would allow for different actions to be taken based on the breach data. I think the plaintext identifier would be more important as a flag, and it should be used to also signify easily resolved hashes. (Maybe Passwords is the current hashed/encrypted/plain, and Plaintext is when text has been recovered)
4 votes -
Authorize Domain by API
Add API Functions to Authorize by TXT records to the API.
The way I'd do it would be to add an endpoint to view the TXT Record details you need to add... then a second endpoint to verify the TXT Record is valid...
Abuse Mitigations are pretty easy, cap max hits/min to the second Endpoint as it has to perform DNS lookups to do it.
And the first endpoint can't really be abused anyway as no doubt you combine the user's email plus the domain to get the hash in the TXT record... so that's a nothing function.
This will…
37 votes -
CURL script for documentation
The API call documentation is not clear. Can you guys just use CURL command line for documentation or Postman?
3 votes -
Add a "Notes" Column
Add an editable "Notes" column to the Successfully verified domains table.
For example, we'd like to add a Client description. This is so that when they need to be removed from HIBP Portal, we can ensure we remove all domains related. Without this, the portal becomes difficult to manage large amounts of clients.
It would be nice to see a "domain date added" column too.
1 vote -
Provide an OpenAPI specification
When a user would like to leverage your API, having it advertised in the OpenAPI format makes it very easy to understand and leverage.
There are tools in development which allow the automatic generation of code based on this spec: https://github.com/OpenAPITools/openapi-generator
An example of a spec can be seen at https://developer.shodan.io/api. It can be written in json or yml. Here is an example of it in json: https://developer.shodan.io/api/openapi.json
It allows the creation of attractive interactive docs which can be used to execute the api directly.
It can be edited and validated in a number of ways
- online…
2 votes