General

  1. Free Developer Access to Paid API

    I suggest dev access.
    Either by access to fake data, or by minimum access, some results based on a rank.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Add MostRecentDate to Domain Search results

    When viewing Domain Search results, it would be helpful to have column containing the date of their most recent appearance in a breach data set. This would help prioritize password changes if the search results are larger.

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Offer an option to inform where you have been compromised

    offer an option to inform where you have been compromised - Chemist Direct login and password details exposed via email. These were correct.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Include an Industry field for every breach

    The API for searching a breach should include what industry the breach is from, like Web, Government, Insurance, Financial, etc,.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Create different pricing for different rate limits

    Right now there is a 1.5-second delay time b/w request, which is a long delay wait-time for us.
    Currently, we have to thread multiple API keys together to decrease the rate limit, though we'd rather only have to use one and pay a bit extra.
    It would be very helpful if we could pay extra to have a lower rate limit (e.g. think tiers for rate limits maybe?)

    80 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Alert for physical address

    Now Slickwraps has your address, notify the person.

    (but how, how do you verify if a person owns the address? email and address in a past leak? (also could be abused))

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Microsoft flow integration for a domain

    An integration with Microsoft flows for a domain would be excellent. Something that would query the tenant for live or past emails in a domain and automatically notify the users about the breach.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Add SSH leaked keys

    We believe the future of credentials checking goes beyond just password, and integrating SSH key checking would add lots of value to www.haveibeenwned.com.
    SSH keys are also sensitive credentials that are increasingly exploited by attackers in our research findings. We are willing to share our up-to-date SSH leaked key database with www.haveibeenwned.com.

    90 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Update Zygna.com data breach information

    I've just been informed that the Zygna.com data breach included my phone number. Which, makes sense, since it is usually installed on mobile devices. You don't list phone numbers are part of the data breach.

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Request a company to be investigated for a breach

    Although this was downvoted, I suspect some companies are not reporting their breaches or they do not know about them.

    My most recent was EpicGames, which Have I been Pwnd (Password page) says my password has not been pwned. But it was pwned, and was used to access my Gmail, EpicGames and other sites.

    I'm not sure what can be done - I think people like me can help collaborate in a way that can lead to discovering unreported breaches and whistle blow those companies to notify their users of breaches.

    Why do I have to become a hacker to…

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Mark Wii U ISO as a sensitive breach

    Wii U ISO is a site that hosts illegal downloads of pirated video games. This include Roms & ISOs for Nintendo Switch, Wii U, and 3DS. The ability to upload or download games is only available for registered users.

    Because having an account could link users to illegal software piracy, I would like to propose adding it to the list of sensitive breaches.

    (Arguably, emuparadise should be marked as sensitive, as they previously distributed illegal ROMs)

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. add icons for passwords and credit card numbers in report

    Since breaches of passwords and credit card numbers are so much worse than any other breaches, it would be great if you added icons to the Pwned sites column in the report. That is it would say:

    Adobe, Forbes🔑, Vodaphone💳, Zomato🔑

    This allows people to focus on the most important issues first. Dates would help in this regard:

    Adobe 2013, Forbes🔑2014, Vodafone💳2013, Zomato🔑2017

    This isn't adding any information you don't already have, just making it more convenient.

    (The emoji are 🔑 U+1F511 or🗝️ U+1F5DD and 💳 U+1F4B3.)

    Thanks for providing this great service!

    20 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. 7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Add % of p0wn count already in DB as new field in API

    EG; https://twitter.com/haveibeenpwned/status/1180912324644888576 '87% of addresses were already in @haveibeenpwned'. In this case 87% of the 988k records were already in the DB. I can see the PwnCount, but not the % that was already in the DB, that's the attribute I'd like to be doing some querying on.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. API access: Recurring yearly payment

    This would help us alot as a company. Doing monthly bill mapping with a corporate creditcard is not working for us :-)

    369 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    42 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Increase contrast in the footer

    In the footer, there is the text "A troyhunt.com project" and 3 icons underneath it. These are very hard to see, especially the text. Please increase their contrast with the background

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Anonymous statistics about the collected data

    Just to satisfy our hunger for data and curiosity about lists of all kinds of things, it would be interesting if the massive amount of data HIBP was processed to produce new data. It doesn't need to be searchable like Shodan's or GreyNoise's (while this would be amazing we don't need to think too much to understand the implied risks) and should not disclose sensitive information, but even with this limitation in the way it would be presented to the public (and keeping in mind the growing adoption of GDPR and similar regulations around the world), there are several processing…

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. Provide localised language versions

    IMO, HIBP is so useful that every single person in the world should have it bookmarked and all companies should monitor their domains accounts using it. Some users in our company use their business email address to create accounts in several websites, and thanks to HIBP our IT team is warned when one of them is pwned.
    We thought it would be a great idea to tell everyone about HIBP so they could verify and monitor their own personal accounts, so we did it by sending an email telling about HIBP to everyone in the company. Everyone was able to…

    17 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. Unable to generate new api key 21/08/19

    Is there an issue with generating API keys right now? I'm unable to get a key receiving an error:
    An error occurred while processing your request
    The error has been logged and a notification sent.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base