General
117 results found
-
Badges!
Would be amusing to have an hibp breach count badge next to peoples usernames on blogs/etc. alongside their twitter badge, SO scores, etc.. Might help to raise awareness of hibp.
59 votes -
https://gitlab.com/ronaldoats/combos.vip-live.com
List of users and passwords 2,436,867 accounts
1 vote -
Options to Recover Hacked accounts
Ive been hacked on 3 personal computers, 1 Verizon phone and 2 burner phones almost immediately after activating them. It all happened at the same time. Then the burners 2 days in a row.
WTF is the point? Even my truck is hacked? Who hacks new phones so obviously with 0 information?
They hacked a 4th computer which is a corporate laptop for I'm a Fortune 500 company. "They got a little cocky with that one." Is anything available to recover several email accounts, photo galleries, apps, ect. That use the same email address?
They grouped photos and videos of…2 votes -
Free Developer Access to Paid API
I suggest dev access.
Either by access to fake data, or by minimum access, some results based on a rank.1 vote -
1 vote
-
Add MostRecentDate to Domain Search results
When viewing Domain Search results, it would be helpful to have column containing the date of their most recent appearance in a breach data set. This would help prioritize password changes if the search results are larger.
7 votes -
Offer an option to inform where you have been compromised
offer an option to inform where you have been compromised - Chemist Direct login and password details exposed via email. These were correct.
1 vote -
Include an Industry field for every breach
The API for searching a breach should include what industry the breach is from, like Web, Government, Insurance, Financial, etc,.
1 vote -
Alert for physical address
Now Slickwraps has your address, notify the person.
(but how, how do you verify if a person owns the address? email and address in a past leak? (also could be abused))
3 votes -
Microsoft flow integration for a domain
An integration with Microsoft flows for a domain would be excellent. Something that would query the tenant for live or past emails in a domain and automatically notify the users about the breach.
1 vote -
Add SSH leaked keys
We believe the future of credentials checking goes beyond just password, and integrating SSH key checking would add lots of value to www.haveibeenwned.com.
SSH keys are also sensitive credentials that are increasingly exploited by attackers in our research findings. We are willing to share our up-to-date SSH leaked key database with www.haveibeenwned.com.105 votes -
Update Zygna.com data breach information
I've just been informed that the Zygna.com data breach included my phone number. Which, makes sense, since it is usually installed on mobile devices. You don't list phone numbers are part of the data breach.
6 votes -
Request a company to be investigated for a breach
Although this was downvoted, I suspect some companies are not reporting their breaches or they do not know about them.
My most recent was EpicGames, which Have I been Pwnd (Password page) says my password has not been pwned. But it was pwned, and was used to access my Gmail, EpicGames and other sites.
I'm not sure what can be done - I think people like me can help collaborate in a way that can lead to discovering unreported breaches and whistle blow those companies to notify their users of breaches.
Why do I have to become a hacker to…
3 votes -
Mark Wii U ISO as a sensitive breach
Wii U ISO is a site that hosts illegal downloads of pirated video games. This include Roms & ISOs for Nintendo Switch, Wii U, and 3DS. The ability to upload or download games is only available for registered users.
Because having an account could link users to illegal software piracy, I would like to propose adding it to the list of sensitive breaches.
(Arguably, emuparadise should be marked as sensitive, as they previously distributed illegal ROMs)
8 votes -
add icons for passwords and credit card numbers in report
Since breaches of passwords and credit card numbers are so much worse than any other breaches, it would be great if you added icons to the Pwned sites column in the report. That is it would say:
Adobe, Forbes🔑, Vodaphone💳, Zomato🔑
This allows people to focus on the most important issues first. Dates would help in this regard:
Adobe 2013, Forbes🔑2014, Vodafone💳2013, Zomato🔑2017
This isn't adding any information you don't already have, just making it more convenient.
(The emoji are 🔑 U+1F511 or🗝️ U+1F5DD and 💳 U+1F4B3.)
Thanks for providing this great service!
21 votes -
7 votes
-
Add % of p0wn count already in DB as new field in API
EG; https://twitter.com/haveibeenpwned/status/1180912324644888576 '87% of addresses were already in @haveibeenpwned'. In this case 87% of the 988k records were already in the DB. I can see the PwnCount, but not the % that was already in the DB, that's the attribute I'd like to be doing some querying on.
3 votes -
Increase contrast in the footer
In the footer, there is the text "A troyhunt.com project" and 3 icons underneath it. These are very hard to see, especially the text. Please increase their contrast with the background
1 vote -
Anonymous statistics about the collected data
Just to satisfy our hunger for data and curiosity about lists of all kinds of things, it would be interesting if the massive amount of data HIBP was processed to produce new data. It doesn't need to be searchable like Shodan's or GreyNoise's (while this would be amazing we don't need to think too much to understand the implied risks) and should not disclose sensitive information, but even with this limitation in the way it would be presented to the public (and keeping in mind the growing adoption of GDPR and similar regulations around the world), there are several processing…
4 votes -
Provide localised language versions
IMO, HIBP is so useful that every single person in the world should have it bookmarked and all companies should monitor their domains accounts using it. Some users in our company use their business email address to create accounts in several websites, and thanks to HIBP our IT team is warned when one of them is pwned.
We thought it would be a great idea to tell everyone about HIBP so they could verify and monitor their own personal accounts, so we did it by sending an email telling about HIBP to everyone in the company. Everyone was able to…17 votes
- Don't see your idea?