Skip to content

General

203 results found

  1. www.socialengineforum.com (1 Jan '01): http://www.socialengineforum.com/dump.sql

    the listed date - "(1 Jan '01)" is, shall we say, an out-of-bounds error. Site didn't exist that long ago!

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Tell the simple steps to get out of these problems who does not know the technology.

    Tell the simple steps to get out of these problems who does not know the technology, how to get out of pwning his/her email or some other account. Dr N C Ghatak.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Only distribute unique sha1 values

    The files version 1, update 1 and update 2 contains 320,3355,236 SHA1 values but only 320,294,464 are unique the difference are 40,772 values

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. provide Solutions

    Provide Solutions on "How To" reverse the process of compromised email address and passwords.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. what is this someone help me

    Oh no — pwned!
    Pwned on 4 breached sites and found 1 paste (subscribe to search sensitive breaches)

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Make the bitcoin-related sites sensitive

    Otherwise, users of bitcoin could be targeted in order to steal their bitcoins (as they are worth so much right now).

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    The criteria I use for sensitive breaches is that the public discoverability potentially causes harm; adult websites, for example, have a social stigma.

    An increased likelihood of phishing is common to all breaches and at present, I don’t feel that a site merely being financial in nature is sufficient to categorise it along with the likes of Ashley Madison.

  7. 3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Recover latest pastes RSS feed

    The latest pastes RSS feed is empty

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Can we have option to add email address in verification

    It provides predefined email addresses. Can a previously verified user add another user email for verification. Also the verification process does not provide details if the email was sent successfully ( In my case it says successful but I am not receiving verification email)

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. How to check if someone with complete access to my company server and all email ID's, has been stealing information?

    I've recently found out that my IT person from my company has been stealing information from us. He has complete access to it's domain and server. Do you have any advice on how I can see what kind of information he has taken?
    If you have any recommendations on how to find the information on his personal email ID's, that would be very helpful. Thanks

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Provide a way for me to see the password data or other data associated with my email. Since I use unique passwords, the source is known.

    Provide a way for me to find the password data or other data associated with my email. Since I use unique passwords, the source is known. I have no idea if there is valid data in Exploit.In or Anti Public Combo unless I have some more information. You may not want to host the data, but someone is doing it. I have concern over some of those sources. Knowing the password or hash would make it possible to identify the source of the problem.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    declined  ·  1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. why is the yahoo and target breaches not listed?

    Why is the target and Yahoo breaches not listed

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Why did I receive an email indicating pwned on the JustDate fabricated breach, but when I search from the Home page, not listed?

    Why did I receive an email indicating pwned on the JustDate fabricated breach, but when I search from the Home page, only the Linkedin breach is noted? Is it possible that the email was spoofed? It looks almost exactly like the one i received when you posted the Linkedin breach. I suspect many others are in this same situation. Esp. if the Justdate breach was indeed 24 million people as the email indicated. Thanks.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. use a protocol on your website that is properly supported.

    In all versions of Google Chrome I am now advised;

    This site can’t provide a secure connection

    haveibeenpwned.com uses an unsupported protocol.
    ERRSSLVERSIONORCIPHER_MISMATCH

    The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure.

    So, why can't you use a proper protocol?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    I’m as close to certain as possible that this is a problem at your end, there’s been a heap of traffic through the site today and yours is the only mention of this. TLS termination is done at Cloudflare and nothing has changed configuration wise.

  15. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Somehow add suspected breaches

    Since I use a seperate email address for every domain I register for (forum/webshops) I have a fairly good picture of breached sites (currently many forum sites). Is there a way to add/investigate/report these?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Please reconsider including leaked password in Notification Emails. Consider letting users opt in.

    Your users should treat this password as public information, as should you. If you are concerned about storing this information, then delete the leaked passwords once the notification emails have been sent.

    The beneficial impact of all users knowing exactly which of their passwords have been leaked is likely much greater than the dangers of your copy of the passwords being leaked since these passwords are already in the open and should be treated as public information.

    If you still feel against this, then please at least make it an opt in option. Let people opt in to agreeing to…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    It’s just too risky to handle this sort of data in a publicly facing service and not be able to store it as a secure cryptographic hash. Opting in would made a large amount of additional work to service a very small portion of the overall accounts in a breach.

  18. Catch all

    Implement support for catch all email addresses. I use a different mail address per website I register to. Its all on the same domain that is configured to support catch all e-mail. In theory I could use an UUID email adres per website.

    In order to proof you are the owner you could send a verification mail to a random mailadres for the given domain.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. Allow notifications for an entire domain or allow a way to pull the domain report without having to verify every time.

    We have access to a private feed of password dumps that we query every day automatically so we can proactively notify our users of account compromises. It would be really cool if we could also query haveibeenpwned in a similar fashion without having to manually verify domain ownership each time. This would allow us to automate the retrieval of the report.

    Another option would be to allow people to sign-up for domain wide notifications similar to how you allow people to sign-up for individual account notifications.

    Either way, the goal is to automatically receive or retrieve the information so we…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    declined  ·  1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base