
General

230 results found

  1. small 'best of' download files instead of full 10 gb...

    In one of the recent blogs from you or Cloudflare, it is said that basically it would be best to deny all passwords with a count > 100 and warn on passwords > 20. Would it be possible to create download files just for these (I think) like 10 mil records (all > 20)? That would make it easier to create a local repository database with a workable download size and working count. ... and ignoring the rare passwords which make up the largest bucket of your collection.

    1 vote

    You can easily do this yourself by pulling down the entire data set then just extracting all records within the threshold you’ve chosen. I don’t want to publish multiple versions of the same data at different thresholds; this is a very subjective decision and it can easily be extracted from the existing data.

  2. Any suggestions as to anything that can be done to fix any problems associated with these lists.

    Would like to see some suggestions as to how to repair/improve being victims of the instances you unveil.

    1 vote
  3. Provide database dump for hashes of email address for offline download

    This can be very useful for companies to verify if their users (non-staff) are affected by any breaches and inform them to not share passwords for different systems. I'm residing in the EU; GDPR doesn't allow us to send emails to your API to check if a particular email address appears in any breach.

    1 vote
    1 comment  ·  Admin →

    This would enable anyone to download everyone’s data. Hashes may be cracked which would allow for mass enumeration of emails in a breach. There is no provision in GDPR which prohibits an EU data subject from searching for their email address via the online service.

  4. Question: any way to opt-out a closed e-mail account address?

    I asked to opt-out an e-mail address, but since I closed the e-mail account (it's already a year since) I find difficulty in confirming the verification e-mail. Any alternative thing I can do to try to block the e-mail address from showing in this site? Thanks!

    1 vote
    declined  ·  5 comments  ·  Admin →
  5. Domain Verification - Not received after several tries.

    Verification token sent An email containing a verification token has been sent off to the address you chose, just copy................

    Kindly help for fix.

    For your note:

    1. Domain not blocked in mail server
    2. haveibeenpwned domain - whitelisted
    3. message header not found in mail server inbound logs

    1 vote
    1 comment  ·  Admin →
  6. Fix multi-domain search results

    Apparently, multi-domain search result for breached email account sets are broken. Maybe only for large result sets?
    I did a multi-domain search after the avectis breach notification with over 10.000 of our company and customer emails affected. However, the "Breached email accounts" tab in the Excel format was empty. The HTML did not load (result set too big) and the JSON also only included "{"BreachSearchResults":null, ..."
    Can you check this please?

    17 votes
  7. API for recommending to allow/forbid a specific credential set.

    Perhaps as a premium service, allow a caller to post an email / password combination. HIBP responds with a recommendation on whether to allow the user to use that password on caller's system. Known pwn'd combinations would always recommend "forbid", as well as perhaps forbidding any password in the top % of pwn'd passwords by frequency.

    The end goal is giving system owners a way to steer users away from not only weak but also repeat & known-compromised credentials. I understand that data extraction would be a concern, thus the "premium" service suggestion.

    3 votes
  8. when I enter capital letter in domain name it is not working. Please make it case sensitive

    when I enter capital letter in domain name it is not working. Please make it case sensitive

    1 vote
  9. Add Retry-After to Access-Control-Expose-Headers

    When hitting a 429 response, a cross-origin request does not have access to the Retry-After header.

    3 votes
  10. Mark ArmorGames as confirmed pwned

    I use a unique email address per subscriber, and I suddenly started receiving spam on the email I used to sign up for armorgames.

    They are not trustworthy. -- this is not an idea, but saw that you have listed them as unconfirmed, I can confirm my data was leaked from their site --

    1 vote
  11. 1 vote
  12. 1 vote
  13. Add possibility to get total count of leaked emails for specific domain through API

    The possibility of getting a count of total email addresses leaked for specific IP is very useful due to problems of exporting the data for domain search when there are really many emails. In my case it happened that after export it showed only the "Pastes" database and no other leaks. I have checked some email addresses from the exported CSV list and through the online database; results were not the same.
    And if a total count for the domain is available, it will be much easier to compare results and see the differences; also such information can be useful for online threat intelligence platforms.

    3 votes

    A count alone won’t do much good, people want to know who was impacted in the breach. Plus, you already get a count at the top of the search page or can look at the rows in the CSV.

    Separately to this, if the results you’re seeing aren’t accurate, just check it’s not due to public searches not showing sensitive breaches.

  14. Notification before loading breach onto Azure

    In the past I have recreated the Maltego Graph of all breached sites/names and domains and when I have pushed this to GitHub another breach has been loaded on the same day by a tweet from https://twitter.com/haveibeenpwned

    Can you publish a counter estimating when the next series of breaches will be made available?

    I understand that breaches may be loaded concurrently and/or urgently, etc. Neither am I asking for you to publish the name of the website that you are confirming has been breached, etc

    3 votes
  15. 3 votes
  16. What is LogoType?

    Can you describe what the intended use of the LogoType field in the Breach object is? I can't find anything in the API docs that describes the field. I know what SVG and JPG are, but to what do they refer? Do you have (or plan to have) an API that will return a logo for the name of a breach? I can see from the source of your web pages that you have that data in the content folder

    1 vote
  17. 3 votes
  18. Bring back sorted hashes

    I used to look up password hashes by a binary search in the sorted password list (iterating over the initial database and the 2 updates).

    With the new database 2.0 this is no longer possible (unless I sort the downloaded hashes).

    Please bring back the sorted hashes.

    I do not care for the counts that have been added - perhaps another file with sorted hashes and without counts (to somewhat reduce the file size) could be offered for download?

    1 vote
  19. explain in the FAQ why a mail address (mine!) appears as hacked in your tool, but the associated password is not listed as hacked?

    Does it mean that the e-mail address was hacked, but that the associated password was not decrypted? If not, why is the password not found in your database? Thanks.

    1 vote
    1 comment  ·  Admin →
  20. Not very smart features

    I've changed my password but my mail remains in the list. When my account will be "pwned" again, I will not know about it.

    1 vote