General
119 results found
-
user submission of phish mails that charge bitcoin ransom by putting old password in subject
i got yet another mail with the same template of putting one of my previously used passwords that have been potentially obtained from one or more breaches.
there has to be a secure process that hibp can build for users if they can responsibly reset all the site logins where that password is used and maybe make hibp aware that there are breaches from where these credentials are obtained and perhaps get a way to be alerted to. user may take a decision if they want to continue with the service that was breached, regardless of changing the password.2 votesI definitely don’t want to end up in a position where HIBP has the power to reset people’s passwords. If I’ve misunderstood and you’re talking about flagging potential breaches instead, vote for this idea: https://haveibeenpwned.uservoice.com/admin/v3/ideas/34782007/
-
Table view for breach list
It would be nice to have an option to show the list of breaches for a particular e-mail address in table form with 1 row per breach and 1 column per piece of information involved (username, e-mail, name, dob, socio-economic, ssn, etc.) with maybe a score for how egregious the underlying issue was (plaintext/unsalted md5, etc.) and/or how sophisticated the attack was.
1 vote -
Badges!
Would be amusing to have an hibp breach count badge next to peoples usernames on blogs/etc. alongside their twitter badge, SO scores, etc.. Might help to raise awareness of hibp.
59 votes -
https://gitlab.com/ronaldoats/combos.vip-live.com
List of users and passwords 2,436,867 accounts
1 vote -
Options to Recover Hacked accounts
Ive been hacked on 3 personal computers, 1 Verizon phone and 2 burner phones almost immediately after activating them. It all happened at the same time. Then the burners 2 days in a row.
WTF is the point? Even my truck is hacked? Who hacks new phones so obviously with 0 information?
They hacked a 4th computer which is a corporate laptop for I'm a Fortune 500 company. "They got a little cocky with that one." Is anything available to recover several email accounts, photo galleries, apps, ect. That use the same email address?
They grouped photos and videos of…2 votes -
Free Developer Access to Paid API
I suggest dev access.
Either by access to fake data, or by minimum access, some results based on a rank.1 vote -
1 vote
-
Add MostRecentDate to Domain Search results
When viewing Domain Search results, it would be helpful to have column containing the date of their most recent appearance in a breach data set. This would help prioritize password changes if the search results are larger.
7 votes -
Offer an option to inform where you have been compromised
offer an option to inform where you have been compromised - Chemist Direct login and password details exposed via email. These were correct.
1 vote -
Include an Industry field for every breach
The API for searching a breach should include what industry the breach is from, like Web, Government, Insurance, Financial, etc,.
1 vote -
Alert for physical address
Now Slickwraps has your address, notify the person.
(but how, how do you verify if a person owns the address? email and address in a past leak? (also could be abused))
3 votes -
Microsoft flow integration for a domain
An integration with Microsoft flows for a domain would be excellent. Something that would query the tenant for live or past emails in a domain and automatically notify the users about the breach.
1 vote -
Add SSH leaked keys
We believe the future of credentials checking goes beyond just password, and integrating SSH key checking would add lots of value to www.haveibeenwned.com.
SSH keys are also sensitive credentials that are increasingly exploited by attackers in our research findings. We are willing to share our up-to-date SSH leaked key database with www.haveibeenwned.com.105 votes -
Update Zygna.com data breach information
I've just been informed that the Zygna.com data breach included my phone number. Which, makes sense, since it is usually installed on mobile devices. You don't list phone numbers are part of the data breach.
6 votes -
Request a company to be investigated for a breach
Although this was downvoted, I suspect some companies are not reporting their breaches or they do not know about them.
My most recent was EpicGames, which Have I been Pwnd (Password page) says my password has not been pwned. But it was pwned, and was used to access my Gmail, EpicGames and other sites.
I'm not sure what can be done - I think people like me can help collaborate in a way that can lead to discovering unreported breaches and whistle blow those companies to notify their users of breaches.
Why do I have to become a hacker to…
3 votes -
Mark Wii U ISO as a sensitive breach
Wii U ISO is a site that hosts illegal downloads of pirated video games. This include Roms & ISOs for Nintendo Switch, Wii U, and 3DS. The ability to upload or download games is only available for registered users.
Because having an account could link users to illegal software piracy, I would like to propose adding it to the list of sensitive breaches.
(Arguably, emuparadise should be marked as sensitive, as they previously distributed illegal ROMs)
8 votes -
add icons for passwords and credit card numbers in report
Since breaches of passwords and credit card numbers are so much worse than any other breaches, it would be great if you added icons to the Pwned sites column in the report. That is it would say:
Adobe, Forbes🔑, Vodaphone💳, Zomato🔑
This allows people to focus on the most important issues first. Dates would help in this regard:
Adobe 2013, Forbes🔑2014, Vodafone💳2013, Zomato🔑2017
This isn't adding any information you don't already have, just making it more convenient.
(The emoji are 🔑 U+1F511 or🗝️ U+1F5DD and 💳 U+1F4B3.)
Thanks for providing this great service!
21 votes -
7 votes
-
Add % of p0wn count already in DB as new field in API
EG; https://twitter.com/haveibeenpwned/status/1180912324644888576 '87% of addresses were already in @haveibeenpwned'. In this case 87% of the 988k records were already in the DB. I can see the PwnCount, but not the % that was already in the DB, that's the attribute I'd like to be doing some querying on.
3 votes -
Increase contrast in the footer
In the footer, there is the text "A troyhunt.com project" and 3 icons underneath it. These are very hard to see, especially the text. Please increase their contrast with the background
1 vote
- Don't see your idea?