General
119 results found
-
Add the ability for a domain owner to view and unsubscribe any currently setup domain subscription
A domain subscription checker (done with similar verification to the domain verification links) would enable the domain owner to check only current employees have have access to the information, and to revoke any incorrectly or outdated subscriptions on the domain without having to have access to each destination mailbox
From personal mistake:
I've subscribed for domain alerts, copied the verification token and authorised before it took me back to a screen that showed I'd mis-spelt the notification email address hostname! That means someone else now is approved to see full domain level summary.As the notification email address is different…
8 votes -
Full email service for companies to help CISOs
Hello,
I'm using Have I been Pwned to find out unsealed email accounts and passwords for our company domain and I'm very pleased about this service.
But to make life easier I suggest the following service:
1) I sign in at Have I Been Pwned.
2) I type in and confirm all domains of my company
3) I define a text to inform my users about a possible problem, that their passwords are maybe lost.
4) I accept the actual status of unsealed account information as the base line
5) If new breaches of user accounts will occur Have I…7 votes -
1 vote
-
Make a section on what to do if you have been pawned.
So, Iv'e been pawned? What's next? What do I need to do? How can I fix this issue or protect myself from this happening again? You talk about being pawned but I don't see anything in simple English on the next steps besides using your password generator which I have been using for years but still got pawned.
21 votes -
Add an Ethereum / Bitcoin SV / credit card / other for donations
Add an Ethereum address for donations and convert all existing Bitcoin donations to renBTC (there's more Bitcoin in the Ethereum network than on the lightning network) via bridge.renproject.io and exchange renBTC for Ethereum via 1inch.eth.link (1inch exchange).
13 votes -
Unsubscribing partial domain email breach notification with multiple domains
If you register an email notification for multiple domains, you are notified for all domains.
However, if at some point you no longer wish to be notified about one of the domains, it does not seem possible to unsubscribe from one of the domains only. (If you unsubscribe from both, and then re-subscribe to just 1 of the domains, it seems like your previous multi-domain account with the same email is reactivated, and multiple domain notifications are again emailed.)1 vote -
Sort breaches by date
This is mostly useful for those of us who like to check for new leaks involving our email addresses every few months. Currently one has to read through the whole list of results since they're in a seemingly arbitrary order, including those one has already changed the relevant passwords for.
38 votes -
Identifying Password Reuse Between Seperate Breaches
When an account is included in multiple breaches, identify if the leaked password is reused, or similar password used in individual breaches.
This would be interesting for individual accounts, but more useful when monitoring domains.
If an account is included within multiple breaches, but there is low/no password reuse/similarity then we can gain a level of comfort that the leaked credentials cannot be used further.
If however the account that is included in multiple breaches has used the same or similar password across those breaches we can prioritise taking action and changing passwords for non-breached systems.
1 vote -
Internationalized domain name
Domain search verifying by email : domains with umlauts get not an email without any error message. Of course, if you convert domain name from IDN into ACE string before you enter it works.
1 vote -
Indicate which data classes were compromised for each record in a breach
So yeah, when testing an email-address, if should be made clear in the returned results whether the full data (name, physical address, email) or only the email-adress was leaked.
This is important because the ledger hack is more serious than many other to the security of those leaked.4 votes -
Google Analytics?
I'm a European Data Privacy Officer and in my applications I don't allow any tracking cookies. Can you prove a - maybe paid - service without Google Analytics?
Thanks
Bernd4 votes -
For each of the download files, can you make available a sample file with 100 rows?
Instead of downloading the large file to see the file format, I would like to download a 100-row example. This would save bandwidth and allow someone to experiment with integrating the database into an app without having to download the very large example.
2 votes -
Add date stamps to each breach listed on the home page
So visitor can quickly grasp how up-to-date your data is.
Thank you,
--Ben1 vote -
Add hover text to define "paste" and "paste accounts" on home page
I had to hunt around in About to learn what these were.
Thank you,
--Ben2 votes -
Notify email owner by phone text message
Offer the flexibility for a user to enter all email addresses owned by the user along with a mobile number through which the user gets notified if any of the listed emails are pwned.
6 votes -
An API call that returns both paste and breach information for a given account
This may be related to rate limiting, but it would be nice if I didn't have to make two calls to get both the paste and breach information for an account.
1 vote -
Paypal option to pay API key
Not everyone has a creditcard. Should be nice if I can pay the API key with paypal :)
16 votes -
add a webhook option for domain breach notifications.
In addition to notifications via email, add a webhook option to be notified when your domain appears in the data breach list.
10 votes -
Add the “Notify Me” element to API functionality
Add the “Notify Me” element to API functionality so that people can be automatically added to the monitoring (as well as the one off checks)
7 votes -
Due diligence search on prospective service domains
Add the ability to search for historical breach information against a prospective service domain (Facebook, linkedin, firefly.ai) that may have been breached. This feature would be very handy as part of a due diligence operation prior to using that service
2 votes
- Don't see your idea?