Skip to content

General

229 results found

  1. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  2. Check Pastir.com for pastes

    Mine was there but your site didnt find it

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  3. Investigate this: Dear Alumni & Friends, Report of a Data Security Incident I am writing to notify you of a data security incident that ha

    Dear Alumni & Friends,

    Report of a Data Security Incident

    I am writing to notify you of a data security incident that has affected one of the University’s third party service providers, Blackbaud, which provides cloud computing software used for processing some of your personal data.

    We recognise that this is unsettling news and we sincerely apologise that this has happened, but rest assured that Blackbaud have taken steps to mitigate this incident and any risks to your information. The University is following up with internal investigations and remedial actions of its own. However, we advise that you be vigilant…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. Xploder forum breach

    Hey,
    when googling one of my email addresses I found three similar dumps from xploder forums. This is not showing up when I search for my email here.
    How can I send you a link to the dumps, post it just here?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  6. Confirmation e-mail before displaying pwned data

    Hi Troy

    Could you please implement a security feature that would require the email address owner to validate their email details before supplying the complementing pwned report.

    This simple feature would make it harder for a malicious actor to identify what security breach data to search when looking for additional personal details that complement a user's email address.

    Please note that the above scenario assumes that a malicious actor can acquire a copy of the data that is highlighted in pwned report.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. Partial matches

    I am being notified for breaches that partially match my email. Today I was notified that there was a leak (for example) "joe@live.com". When in fact notmyemail_joe@live.com was leaked.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  8. Define the password length that can be hacked.

    IT people at work have told us 15 characters is the max. Is that true? If someone used a 21 character password, what hackers capture the entire 21 character password?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  9. Has Mega been pwned? I received an email from support@mega.nz on 27 June 2020 (extract below)? I had used a strong and unique password.

    YOUR MEGA ACCOUNT HAS BEEN LOCKED FOR YOUR SAFETY; WE SUSPECT THAT YOU ARE USING THE SAME PASSWORD FOR YOUR MEGA ACCOUNT AS FOR OTHER SERVICES, AND THAT AT LEAST ONE OF THESE OTHER SERVICES HAS SUFFERED A DATA BREACH.

    While MEGA remains secure, many big players have suffered a data breach (e.g. yahoo.com, dropbox.com, linkedin.com, adobe.com, myspace.com, tumblr.com, last.fm, snapchat.com, ashleymadison.com - check haveibeenpwned.com/PwnedWebsites for details), exposing millions of users who have used the same password on multiple services to credential stuffers (https://en.wikipedia.org/wiki/Credential_stuffing). Your password leaked and is now being used by bad actors to log into…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)

    All email address numbers represented on HIBP are the number of unique addresses parsed out via regex from the data set I was provided with. If HIBP represents 263k, then that’s how many addresses were in the data.

  11. Update with the Zoom data breach

    Add the people whose account details were made available after using Zoom

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
  12. able to search breached apps

    if i want to install an app and i want to see if that app or website is compromised i don't want to install it.so make a searchable page for breached apps and websites

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. How to opt-in again after opting-out? Please read :)

    I have opt-out by removing my email addr from public search.

    I thought by using an API key to search for my own email, I am able to retrieve my own breaches, but it was a 404.

    How do I opt-in again or at least allow email address owners to search for their own breaches?

    I think the language is not very clear on the opt-out page, thus leading to me buying the API key for nothing. I wasted $3.50

    It says "You can still search your own address using the notification service that ensures you control the address before…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →

    UserVoice is for suggesting new ideas so I’m marking this as “declined”.

    Your address will only still be searchable by yourself if you choose the first option that simply removes it from public visibility. If you choose either the 2nd or 3rd option, the data is permanently deleted and no longer searchable by any means.

  14. How do I get a list of which website your service tells me I've had breached?

    You site tells me my email address has been breached thirteen times.
    How do I get a list of those websites your service tells me I've had breached?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  15. Fix your verification links

    Your service is unusable because you are sending out verification links by email with tokens in them that are invalid.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  16. Wildcard support

    Similar to the requests for 'wildcard support for spamgourmet' and 'searches using the "+" syntax' Fastmail (and I suspect other providers) offer the facility to send email to <anything>@<myemail>.fastmail.com - where the "normal" email address is myemail@fastmail.com

    I use this extensively to register unique email addresses for each site (so if spam comes in i can see where it was leaked from) but in many cases i've no record of which sites i've used addresses on.

    as such it would be very useful to check for *@<myemail>.<providerdomain.com>

    to prevent abuse e.g. someone trying to register *@hotmail.com then send a verification…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)

    The big difference with the plus aliasing syntax is that it’s a very broadly adopted pattern that whilst not a spec (and frankly, that’s a big part of why this feature doesn’t exist), is broadly supported. I don’t want to get into a cycle where one specific mail provider (and a smaller one at that) implements something specific to them and HIBP needs to implement that pattern.

  17. An ability to remove the alarm

    Seen the breach, I have changed all my passwords some of them several times over. This name and password list are several years out of date. So old as to be useless. The alarms are now false.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  18. 3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  19. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  20. Feature that allows you to search for all the sites your email has been used to create a log in for

    I would like to know which websites I have created a username on with my email address so that I can access them and manage the passwords for them. at this time, I can only manage the ones I REMEMBER using my email to sign up with, but I know there are probably hundreds out there that I have created login credentials for because just about every site or out there requires you to create an account in order to use it.

    I want to protect those accounts BEFORE I know a breach has occurred so there are no surprises.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base