General
117 results found
-
Full email service for companies to help CISOs
Hello,
I'm using Have I been Pwned to find out unsealed email accounts and passwords for our company domain and I'm very pleased about this service.
But to make life easier I suggest the following service:
1) I sign in at Have I Been Pwned.
2) I type in and confirm all domains of my company
3) I define a text to inform my users about a possible problem, that their passwords are maybe lost.
4) I accept the actual status of unsealed account information as the base line
5) If new breaches of user accounts will occur Have I…7 votes -
Notify Me does not accept phone number
Notify me has validation for email and does not accept phone number.
Ability to order notify by phone number also.
4 votes -
Split up breach listing page
This page:
https://haveibeenpwned.com/PwnedWebsites#Facebook
Is surprisingly difficult to browse on mobile, because it's so very long.
The anchor link doesn't seem to always take you to the right section, because of the page length, at least on mobile. On desktop, it works fine though.3 votes -
Show me an example of the response that is received when a phone number is sent to the breachedaccounts api endpoint
I am working on an application - I am unable to find a number that was in a breach. Can you please provide me an example response when a phone number is queried to the breachedaccounts api. I just need to look at the structure and the keys
3 votes -
Add SSH leaked keys
We believe the future of credentials checking goes beyond just password, and integrating SSH key checking would add lots of value to www.haveibeenwned.com.
SSH keys are also sensitive credentials that are increasingly exploited by attackers in our research findings. We are willing to share our up-to-date SSH leaked key database with www.haveibeenwned.com.105 votes -
Indicate which data classes were compromised for each record in a breach
So yeah, when testing an email-address, if should be made clear in the returned results whether the full data (name, physical address, email) or only the email-adress was leaked.
This is important because the ledger hack is more serious than many other to the security of those leaked.4 votes -
Notify email owner by phone text message
Offer the flexibility for a user to enter all email addresses owned by the user along with a mobile number through which the user gets notified if any of the listed emails are pwned.
6 votes -
Paypal option to pay API key
Not everyone has a creditcard. Should be nice if I can pay the API key with paypal :)
16 votes -
1 vote
-
Google Analytics?
I'm a European Data Privacy Officer and in my applications I don't allow any tracking cookies. Can you prove a - maybe paid - service without Google Analytics?
Thanks
Bernd4 votes -
Unsubscribing partial domain email breach notification with multiple domains
If you register an email notification for multiple domains, you are notified for all domains.
However, if at some point you no longer wish to be notified about one of the domains, it does not seem possible to unsubscribe from one of the domains only. (If you unsubscribe from both, and then re-subscribe to just 1 of the domains, it seems like your previous multi-domain account with the same email is reactivated, and multiple domain notifications are again emailed.)1 vote -
For each of the download files, can you make available a sample file with 100 rows?
Instead of downloading the large file to see the file format, I would like to download a 100-row example. This would save bandwidth and allow someone to experiment with integrating the database into an app without having to download the very large example.
2 votes -
Identifying Password Reuse Between Seperate Breaches
When an account is included in multiple breaches, identify if the leaked password is reused, or similar password used in individual breaches.
This would be interesting for individual accounts, but more useful when monitoring domains.
If an account is included within multiple breaches, but there is low/no password reuse/similarity then we can gain a level of comfort that the leaked credentials cannot be used further.
If however the account that is included in multiple breaches has used the same or similar password across those breaches we can prioritise taking action and changing passwords for non-breached systems.
1 vote -
Add hover text to define "paste" and "paste accounts" on home page
I had to hunt around in About to learn what these were.
Thank you,
--Ben2 votes -
Internationalized domain name
Domain search verifying by email : domains with umlauts get not an email without any error message. Of course, if you convert domain name from IDN into ACE string before you enter it works.
1 vote -
add a webhook option for domain breach notifications.
In addition to notifications via email, add a webhook option to be notified when your domain appears in the data breach list.
10 votes -
Add the “Notify Me” element to API functionality
Add the “Notify Me” element to API functionality so that people can be automatically added to the monitoring (as well as the one off checks)
7 votes -
Add date stamps to each breach listed on the home page
So visitor can quickly grasp how up-to-date your data is.
Thank you,
--Ben1 vote -
Add MostRecentDate to Domain Search results
When viewing Domain Search results, it would be helpful to have column containing the date of their most recent appearance in a breach data set. This would help prioritize password changes if the search results are larger.
7 votes -
Due diligence search on prospective service domains
Add the ability to search for historical breach information against a prospective service domain (Facebook, linkedin, firefly.ai) that may have been breached. This feature would be very handy as part of a due diligence operation prior to using that service
2 votes
- Don't see your idea?