Skip to content

General

← Customer feedback for Have I Been Pwned

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

56 results found

  1. Meta/ Facebook

    We are subscribing to your service and had over 3.000 users so far. But none is showing the FACEBOOK data leak. How can this be?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  2. K-12 domains

    is there EDU pricing for K-12 and do you have resellers that NY schools can use?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  3. Add unsubscribe steps in FAQ

    There's a old thread from 2015 and the response mentions there's an unsubscribe link in emails. I do not see the unsubscribe blurb in the emails I have received since May 2023. If going through the "opt-out" process is the new method, the wording is confusing as there is no mention of being removed from breach notifications. "Opting-out provides various mechanisms to ensure your email address is no longer publicly searchable. After verifying control of the address, you'll be given 3 different options that put you in control of how your visibility should be removed from both existing data breaches…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    completed  ·  AdminTroy Hunt (CEO / Founder, Have I Been Pwned) responded

    This is already in place:


    1. Notification emails sent to individuals have the following text: "If you don't want to receive any future breach notifications, just click here to unsubscribe"
    2. Notification emails sent to domain monitors have the following text: "You can see which of the accounts you're monitoring were compromised and manage your domains via the domain search dashboard. You can also unsubscribe domains from future notifications via the dashboard."


    Opting-out is a different mechanism unrelated to services you've consciously subscribed to and is explained as follows: "Opting-out provides various mechanisms to ensure your email address is no longer publicly searchable."

  4. New tier for home users

    I self-host VaultWarden which has an option for an api key. For a small home user, I would love a cheaper option that would be rate limited by X requests per month or year so I can make use of this feature for my family. I do not need the 10 rpm of the current lowest tier.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  5. add a way to pull up all the accounts made from an email

    Add an option to list all the accounts made and available from an email.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  6. Higher Ed Discount

    As we are not awash in money it would be appreciated if there was a Higher Ed discount of some sort. As students come and go they still stay on the list as pwned users even if they are no longer enrolled. Like you, we are a proponent of research and public service.

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  7. Allow challenging of unrealistic results...

    I have a small private domain used just for my family, which has 5 mailboxes and at most a dozen email adresses including role accounts like security@ or postmaster@ - yet HIBP tells me I need to sign up for Layer 3 subscription as I apparently have 128 breached accounts.

    Clearly there is something wrong, but there's no way for me to even see what's wrong because I don't have a subscription. There must be some error in the HIBP database, but there's no way for me to check or even to ask someone to check it...

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  8. Consider offering a free tier for nonprofits

    It looks like some services have been put behind a paywall. Which in truth I can understand. We offer services to small budget local governments in Texas - this information is helpful to secure public workers and their county emails.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  9. Create a Mastodon account

    Given the exodus of accounts from Twitter to Mastodon, as well as its close relationship to the open-source and information security communities, I think you should create a Mastodon account and have it basically, at the very least, reflect what your Twitter account is saying - which is relatively easy to do via tools such as this: https://moa.party/

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    completed  ·  AdminTroy Hunt (CEO / Founder, Have I Been Pwned) responded

    Done! I'd previously tried to reach out to @haveibeenpwned@mstdn.social and ask them to hand over the account but got no response. I've just set up @haveibeenpwned@infosec.exchange instead and verified it as the owner of the domain. I'm not sure how I'll actually use it yet (only a very tiny portion of the audience is there), but at least it now has a presence.

  10. QuestionPro information

    Thank you for your service.

    I received a notice from you that I had been pawned. After receiving your confirmation that I -WAS- hacked, I then did a web search on the QuestionPro hacking. It appears they are declining to confirm the incident. I can prove that it occurred.

    I assign a different email to EVERY person I exchange emails with, especially vendors. The email address you indicated was hacked was assigned to ONLY ONE MAJOR US POWER SUPPLIER. It is 100% clear to me that my supplier gave my email address to QuestionPro which was subsequently hacked.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  11. update the breached password list download again

    I noticed you stopped updating the download for breached passwords. I would like to continue to have an up to date data set to prevent users form choosing breached passwords but I will not use the API.

    I don't want the availability of something like registering for an account to be tied to an external service, nor do I want to slow the process down by waiting on an external API.I just want an up to date list to check locally and decide to accept or reject the password my user is trying to choose.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  12. Display the Bitcoin Cash donation address as CashAddress

    On the donation page the Bitcoin Cash donation address is displayed in the old legacy format (1DQZe241VSm5VjY1YeAyiWQR5VFH3heCtJ).
    Most wallets (probably 100% of all user facing once) supports the CashAddress format (bitcoincash:qzypv5j3ce6g57x9te25lgx0z6af8ehz2c8tudzpaf in this case) and using the legacy format for bitcoin cash is discouraged due to a risk of sending to an invalid address.

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  13. I reiceived an email that I'm in the Epik hack, but I have never had an account there so it seems something is off.

    I reiceived an email that I'm in the Epik hack, but I have never had an account there so it seems something is off with hibp?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  14. Erroneous link to v2 API documentation

    On page https://haveibeenpwned.com/PwnedWebsites the link on the sentence "These are accessible programmatically via the HIBP API" still redirects to the deprecated v2.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  15. Offer a direct link to an account's breaches

    It would be helpful if we could directly link to an account's breaches info.

    For example, using an URL like https://haveibeenpwned.com/#example%40example.com to directly open the pwned information for example@example.com.

    This would make it easier to integrate HIBP into other products without having to recreate the whole pwned information webpage.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  16. Test accounts that always return the same results

    For unit testing purposes, to be able to be certain that the data from HIBP is parsed and stored in the application correctly.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  17. Add API search for telephone number

    The current API allows the list of pwned accounts (email addresses and usernames) to be quickly searched via a RESTful service.

    Can you add the phone number search (based on your portal search for Facebook breach)?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  18. to make a list of pwned apps or websites from old to new so that it wouldn't be hard for us to scroll down-scroll own to the pwned things.

    make a button for List Of Pwned Apps/Websites, then add summary of each Pwned A/W.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  19. Add an option to search breached accounts through a username

    And it could work that if there are multiple accounts using the same username then you for example can choose the one that's yours

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  20. Search by email address domain?

    I have my own domain with a catch-all service. Every website I register get's a different mail address which makes it easier to block addresses that receive spam (after a leak) and to check if the sender is really the sender. Checking each mail address individually is time consuming, can I somehow check all mailaddresses ending with my specific domain?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
← Previous 1 3
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base

(thinking…)