General

  1. Sort breaches by date

    This is mostly useful for those of us who like to check for new leaks involving our email addresses every few months. Currently one has to read through the whole list of results since they're in a seemingly arbitrary order, including those one has already changed the relevant passwords for.

    19 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Identifying Password Reuse Between Seperate Breaches

    When an account is included in multiple breaches, identify if the leaked password is reused, or similar password used in individual breaches.

    This would be interesting for individual accounts, but more useful when monitoring domains.

    If an account is included within multiple breaches, but there is low/no password reuse/similarity then we can gain a level of comfort that the leaked credentials cannot be used further.

    If however the account that is included in multiple breaches has used the same or similar password across those breaches we can prioritise taking action and changing passwords for non-breached systems.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Internationalized domain name

    Domain search verifying by email : domains with umlauts get not an email without any error message. Of course, if you convert domain name from IDN into ACE string before you enter it works.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Indicate which data classes were compromised for each record in a breach

    So yeah, when testing an email-address, if should be made clear in the returned results whether the full data (name, physical address, email) or only the email-adress was leaked.
    This is important because the ledger hack is more serious than many other to the security of those leaked.

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Google Analytics?

    I'm a European Data Privacy Officer and in my applications I don't allow any tracking cookies. Can you prove a - maybe paid - service without Google Analytics?
    Thanks
    Bernd

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. For each of the download files, can you make available a sample file with 100 rows?

    Instead of downloading the large file to see the file format, I would like to download a 100-row example. This would save bandwidth and allow someone to experiment with integrating the database into an app without having to download the very large example.

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Showing results via Mail

    I think it is a matter of privacy what services (that were breached) I used. This site allows me to type in any e-mail I know and to verify whether or not the person did use a special service. It might seem that this information is not too big of a deal, still I'd consider it private. So my suggestion is that the services only sends back a link to the email that shall be checked and provides the results there.

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Add date stamps to each breach listed on the home page

    So visitor can quickly grasp how up-to-date your data is.
    Thank you,
    --Ben

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Add hover text to define "paste" and "paste accounts" on home page

    I had to hunt around in About to learn what these were.
    Thank you,
    --Ben

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Notify email owner by phone text message

    Offer the flexibility for a user to enter all email addresses owned by the user along with a mobile number through which the user gets notified if any of the listed emails are pwned.

    5 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. An API call that returns both paste and breach information for a given account

    This may be related to rate limiting, but it would be nice if I didn't have to make two calls to get both the paste and breach information for an account.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Paypal option to pay API key

    Not everyone has a creditcard. Should be nice if I can pay the API key with paypal :)

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. add a webhook option for domain breach notifications.

    In addition to notifications via email, add a webhook option to be notified when your domain appears in the data breach list.

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Add the “Notify Me” element to API functionality

    Add the “Notify Me” element to API functionality so that people can be automatically added to the monitoring (as well as the one off checks)

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Due diligence search on prospective service domains

    Add the ability to search for historical breach information against a prospective service domain (Facebook, linkedin, firefly.ai) that may have been breached. This feature would be very handy as part of a due diligence operation prior to using that service

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. user submission of phish mails that charge bitcoin ransom by putting old password in subject

    i got yet another mail with the same template of putting one of my previously used passwords that have been potentially obtained from one or more breaches.
    there has to be a secure process that hibp can build for users if they can responsibly reset all the site logins where that password is used and maybe make hibp aware that there are breaches from where these credentials are obtained and perhaps get a way to be alerted to. user may take a decision if they want to continue with the service that was breached, regardless of changing the password.

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Table view for breach list

    It would be nice to have an option to show the list of breaches for a particular e-mail address in table form with 1 row per breach and 1 column per piece of information involved (username, e-mail, name, dob, socio-economic, ssn, etc.) with maybe a score for how egregious the underlying issue was (plaintext/unsalted md5, etc.) and/or how sophisticated the attack was.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Badges!

    Would be amusing to have an hibp breach count badge next to peoples usernames on blogs/etc. alongside their twitter badge, SO scores, etc.. Might help to raise awareness of hibp.

    54 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. https://gitlab.com/ronaldoats/combos.vip-live.com

    List of users and passwords 2,436,867 accounts

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. Options to Recover Hacked accounts

    Ive been hacked on 3 personal computers, 1 Verizon phone and 2 burner phones almost immediately after activating them. It all happened at the same time. Then the burners 2 days in a row.
    WTF is the point? Even my truck is hacked? Who hacks new phones so obviously with 0 information?
    They hacked a 4th computer which is a corporate laptop for I'm a Fortune 500 company. "They got a little cocky with that one." Is anything available to recover several email accounts, photo galleries, apps, ect. That use the same email address?
    They grouped photos and videos of…

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base